Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

IrfanView 4.56

CVE-2020-35133

irfanView 4.56 Contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing and denial of service.

image00400000+0xDB60

The bug

eax=7ffde000 ebx=00000000 ecx=00000000 edx=7714ecc3 esi=00000000 edi=00000000

eip=770e3bfc esp=023fff5c ebp=023fff88 iopl=0 nv up ei pl zr na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

(90c.1e88): Access violation - code c0000005 (first chance)

First chance exceptions are reported before any exception handling.

This exception may be expected and handled.

eax=00035250 ebx=00035250 ecx=000372c0 edx=ffffffe4 esi=0027edb0 edi=ffffffe4

eip=0040db60 esp=00127c08 ebp=01eb0048 iopl=0 nv up ei ng nz ac pe cy

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010297

*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\IrfanView2\i_view32.exe

i_view32+0xdb60:

0040db60 8a0433 mov al,byte ptr [ebx+esi] ds:0023:002b4000=??