IrfanView 4.27 JPEG 2000 Multiple Vulnerabilities

IrfanView 4.27 JPEG 2000 Multiple Vulnerabilities fuzzing, security, blackbox, tests, i_view32.exe, DoS, JPEG2000, JP2 IrfanView 4.27 JPEG 2000 Multiple Vulnerabilities FMA-2010-004 IrfanView 4.27 http://www.irfanview.com i_view32.exe 4.27 58150C1AC5B86C1A6B5E15FE1C3A870D JPEG2000.dll 4.2.6.0 50B3DCD4F32C9939722A905A06AD371A Windows XP SP3 Home Edition Windows XP SP3 Professional Edition 2010.08.08 2012.02.16 2012.03.25 Denial of Service triggered in JPEG2000.dll module, loaded at address 0x10000000. Denial of Service is caused by integer division by zero at address 0x10010056. FuzzMyApp have indentified 15 vulnerable samples during fuzzing JPEG 2000 samples, which triggers given vulnerability. DoS Integer division by zero in JPEG2000.dll module at address 0x10010056. Integer division by zero in JPEG2000.dll module at address 0x10010056. 10010031 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+20] 10010035 897424 28 MOV DWORD PTR SS:[ESP+28],ESI 10010039 8D8A 30040000 LEA ECX,DWORD PTR DS:[EDX+430] 1001003F 8B43 2C MOV EAX,DWORD PTR DS:[EBX+2C] 10010042 33D2 XOR EDX,EDX 10010044 8A1430 MOV DL,BYTE PTR DS:[EAX+ESI] 10010047 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] 1001004B 8BFA MOV EDI,EDX 1001004D 8B50 20 MOV EDX,DWORD PTR DS:[EAX+20] 10010050 8D4417 FF LEA EAX,DWORD PTR DS:[EDI+EDX-1] 10010054 33D2 XOR EDX,EDX 10010056 F7F7 DIV EDI ; integer division by zero 10010058 33D2 XOR EDX,EDX 1001005A 8941 F8 MOV DWORD PTR DS:[ECX-8],EAX 1001005D 8B43 30 MOV EAX,DWORD PTR DS:[EBX+30] 10010060 8A1430 MOV DL,BYTE PTR DS:[EAX+ESI] 10010063 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] 10010067 8BFA MOV EDI,EDX image01s.png 100 51 image01.png Integer division by zero Integer division by zero Denial of Service triggered in JPEG2000.dll module, loaded at address 0x10000000. Denial of Service is caused by integer division by zero at address 0x10010072. FuzzMyApp have indentified 9 vulnerable samples during fuzzing JPEG 2000 samples, which triggers given vulnerability. DoS Integer division by zero in JPEG2000.dll module at address 0x10010072. Integer division by zero in JPEG2000.dll module at address 0x10010072. 1001005A 8941 F8 MOV DWORD PTR DS:[ECX-8],EAX 1001005D 8B43 30 MOV EAX,DWORD PTR DS:[EBX+30] 10010060 8A1430 MOV DL,BYTE PTR DS:[EAX+ESI] 10010063 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] 10010067 8BFA MOV EDI,EDX 10010069 8B50 24 MOV EDX,DWORD PTR DS:[EAX+24] 1001006C 8D4417 FF LEA EAX,DWORD PTR DS:[EDI+EDX-1] 10010070 33D2 XOR EDX,EDX 10010072 F7F7 DIV EDI ; integer division by zero 10010074 33D2 XOR EDX,EDX 10010076 8941 FC MOV DWORD PTR DS:[ECX-4],EAX 10010079 8B43 2C MOV EAX,DWORD PTR DS:[EBX+2C] 1001007C 8A1430 MOV DL,BYTE PTR DS:[EAX+ESI] 1001007F 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] 10010083 8BFA MOV EDI,EDX 10010085 8B50 28 MOV EDX,DWORD PTR DS:[EAX+28] image02s.png 100 51 image02.png Integer division by zero Integer division by zero