IrfanView 4.32 JPEG 2000 Multi-Layer Image Format (JPM 4.33) Denial of Service

Keywords: fuzzing, security, blackbox, tests, i_view32.exe, DoS, JPM

Advisory ID:      FMA-2012-004
Vendor:           IrfanView
Product version:  4.32
Vendor URL:       http://www.irfanview.com

Affected files:
  i_view32.exe    version 4.32    hash 89804B494D19D98BF54F9365909E626A
  JPM.dll         version 4.33    hash D6B0C55C3A3E77EB1F740A60DF5EF5AE

Tested on:
  Windows XP SP3 Home Edition
  Windows XP SP3 Professional Edition
  Windows 7 SP1 Home Premium

Timeline:         2012.03.11 / 2012.03.11 / 2012.07.11

Summary:          Integer division by zero in the JPM.dll module (version 4.33) while processing a malformed JPM file.
Impact:           DoS
Details:

After the fixes in version 4.32 of the JPM module (FMA-2011-001), we ran a full new fuzzing run against the latest JPM module (version 4.33). Again it produced new crashing samples. These samples cause an integer division by zero in JPM.dll at address 0x1001B65D (JPM.dll is loaded at base address 0x10000000).

Observed exception: Integer division by zero exception.
Disassembly around the faulting instruction (JPM.dll 4.33, base 0x10000000):

1001B628  8D4C24 10        LEA ECX,DWORD PTR SS:[ESP+10]
1001B62C  51               PUSH ECX
1001B62D  50               PUSH EAX
1001B62E  E8 8DB1FFFF      CALL JPM.100167C0
1001B633  83C4 08          ADD ESP,8
1001B636  85C0             TEST EAX,EAX
1001B638  0F85 A9010000    JNZ JPM.1001B7E7
1001B63E  8B7424 10        MOV ESI,DWORD PTR SS:[ESP+10]
1001B642  85F6             TEST ESI,ESI
1001B644  8B5C24 24        MOV EBX,DWORD PTR SS:[ESP+24]
1001B648  74 09            JE SHORT JPM.1001B653
1001B64A  395E 1C          CMP DWORD PTR DS:[ESI+1C],EBX
1001B64D  0F83 8F010000    JNB JPM.1001B7E2
1001B653  8D045B           LEA EAX,DWORD PTR DS:[EBX+EBX*2]
1001B656  8D0C80           LEA ECX,DWORD PTR DS:[EAX+EAX*4]
1001B659  33D2             XOR EDX,EDX
1001B65B  8BC1             MOV EAX,ECX
1001B65D  F7F3             DIV EBX                          ; Integer division by zero
1001B65F  83F8 0F          CMP EAX,0F
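The listing shows why the divisor can reach DIV as zero: EBX is loaded from the stack slot [ESP+24] (its origin is outside the excerpt), the dividend is computed as EBX*3*5 = EBX*15, and the only comparison against EBX (CMP [ESI+1C],EBX / JNB) is executed solely when the pointer ESI returned through [ESP+10] is non-NULL. When ESI is NULL the JE at 1001B648 skips straight to the arithmetic, so an EBX of 0 is never rejected. The C below is an added model of that control flow, written for this advisory and not taken from the plugin's source; the structure jpm_ctx_t, its field name limit, and the function names are assumptions (only the offset 0x1C and the addresses come from the listing). It places the divisor check before any arithmetic in the hardened variant, which is the general fix for this class of bug regardless of what the real field at 0x1C means.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of the object pointed to by ESI; only the field at
 * offset 0x1C is referenced by the disassembly, so everything before it is
 * opaque padding. */
typedef struct {
    uint8_t  opaque[0x1C];
    uint32_t limit;          /* DWORD PTR DS:[ESI+1C] */
} jpm_ctx_t;

/* Path codes returned by the models below. */
enum { PATH_JNB_TAKEN = 0, PATH_DIVIDED = 1, PATH_DIV_BY_ZERO = 2, PATH_REJECTED = -1 };

/* Model of 1001B63E..1001B65D. The division is not actually executed when it
 * would trap; PATH_DIV_BY_ZERO reports that the original code would fault. */
int model_original_path(const jpm_ctx_t *ctx, uint32_t divisor, uint32_t *quotient)
{
    if (ctx != NULL) {                        /* TEST ESI,ESI / JE SHORT 1001B653 */
        if (ctx->limit >= divisor)            /* CMP [ESI+1C],EBX / JNB 1001B7E2 (unsigned) */
            return PATH_JNB_TAKEN;
    }
    uint32_t dividend = divisor * 15u;        /* LEA EAX,[EBX+EBX*2]; LEA ECX,[EAX+EAX*4] */
    if (divisor == 0)
        return PATH_DIV_BY_ZERO;              /* DIV EBX with EBX == 0 raises #DE here */
    *quotient = dividend / divisor;           /* XOR EDX,EDX; MOV EAX,ECX; DIV EBX */
    return PATH_DIVIDED;
}

/* Hardened variant: reject a zero divisor unconditionally, before the pointer
 * test and before any arithmetic, so a malformed file cannot reach DIV. */
int model_hardened_path(const jpm_ctx_t *ctx, uint32_t divisor, uint32_t *quotient)
{
    if (divisor == 0)
        return PATH_REJECTED;
    if (ctx != NULL && ctx->limit >= divisor)
        return PATH_JNB_TAKEN;
    *quotient = (divisor * 15u) / divisor;
    return PATH_DIVIDED;
}

/* Wrappers with a constructed context (limit field set by the caller) so the
 * two models can be compared case by case. */
int original_with_ctx(uint32_t limit, uint32_t divisor)
{
    jpm_ctx_t ctx; uint32_t q = 0;
    memset(&ctx, 0, sizeof ctx);
    ctx.limit = limit;
    return model_original_path(&ctx, divisor, &q);
}

int original_no_ctx(uint32_t divisor)
{
    uint32_t q = 0;
    return model_original_path(NULL, divisor, &q);
}

int hardened_no_ctx(uint32_t divisor)
{
    uint32_t q = 0;
    return model_hardened_path(NULL, divisor, &q);
}

uint32_t hardened_quotient_no_ctx(uint32_t divisor)
{
    uint32_t q = 0;
    return model_hardened_path(NULL, divisor, &q) == PATH_DIVIDED ? q : 0;
}

int main(void)
{
    printf("original, ESI NULL, EBX 0   -> path %d (2 = would fault)\n", original_no_ctx(0));
    printf("original, ESI set,  EBX 0   -> path %d (0 = JNB always taken)\n", original_with_ctx(100, 0));
    printf("hardened, ESI NULL, EBX 0   -> path %d (-1 = rejected)\n", hardened_no_ctx(0));
    printf("hardened, ESI NULL, EBX 4   -> quotient %u\n", hardened_quotient_no_ctx(4));
    return 0;
}
```

Note the second case: with a non-NULL ESI the JNB is always taken for EBX == 0, because any unsigned value is >= 0. The fault therefore needs the NULL-pointer path, which is exactly the path the original check does not cover.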
[Screenshot image01.png: Integer division by zero exception]