CVE-2009-2118

Name of the Vulnerable Software and Affected Versions IrfanView version 4.23

Description The issue is caused by an integer overflow when resampling certain 1 BPP images, which can trigger a heap-based buffer overflow. This can be exploited by tricking a user into opening a specially crafted TIFF file, potentially compromising the user's system. The exploitation requires that a resampling or screen fitting option is used.

Recommendations For IrfanView version 4.23, as a temporary workaround, consider disabling the resampling or screen fitting option when opening images, especially TIFF files, until a patch is available. Avoid opening specially crafted TIFF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.