16 lines
No EOL
727 B
Text
16 lines
No EOL
727 B
Text
Title: JPEGView - Image Viewer and Editor RCE POC
|
|
Date: 18 November'13
|
|
Author: Debasish Mandal ( https://twitter.com/debasishm89 )
|
|
Version: JPEGView v1.0.29
|
|
Download Link : http://sourceforge.net/projects/jpegview/
|
|
Vendor Patch : Patched in version v1.0.30
|
|
Issue Ticket : http://sourceforge.net/p/jpegview/bugs/31/
|
|
Release Note : http://sourceforge.net/projects/jpegview/files/jpegview/1.0.30/
|
|
Tested on: Windows XP SP2
|
|
|
|
A read access violation near function pointer call can be triggered by feeding a specially crafted
|
|
image(width or height smaller than 65535 ) which could lead to code exec.
|
|
|
|
The file that causes the AV is attached:
|
|
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29707.gif |