IrfanView 4.32 JPEG 2000 Multi-Layer Image Format (JPM 4.33) Denial of Service fuzzing, security, blackbox, tests, i_view32.exe, DoS, JPM FMA-2012-004 IrfanView 4.32 http://www.irfanview.com i_view32.exe 4.32 89804B494D19D98BF54F9365909E626A JPM.dll 4.33 D6B0C55C3A3E77EB1F740A60DF5EF5AE Windows XP SP3 Home Edition Windows XP SP3 Professional Edition Windows 7 SP1 Home Premium 2012.03.11 2012.03.11 2012.07.11 Integer division by zero in JPM.dll module (version 4.33) during processing of malformed JPM file. DoS After all fixes in version 4.32 of JMP module (FMA-2011-001) we have run a full new fuzzing run agains the latest JPM module (version 4.33). Again we came with new samples. New samples caused integer division by zero in module JPM.dll at address 0x1001B65D (JPM.dll is loaded at 0x10000000). Integer division by zero exception. 1001B628 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10] 1001B62C 51 PUSH ECX 1001B62D 50 PUSH EAX 1001B62E E8 8DB1FFFF CALL JPM.100167C0 1001B633 83C4 08 ADD ESP,8 1001B636 85C0 TEST EAX,EAX 1001B638 0F85 A9010000 JNZ JPM.1001B7E7 1001B63E 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10] 1001B642 85F6 TEST ESI,ESI 1001B644 8B5C24 24 MOV EBX,DWORD PTR SS:[ESP+24] 1001B648 74 09 JE SHORT JPM.1001B653 1001B64A 395E 1C CMP DWORD PTR DS:[ESI+1C],EBX 1001B64D 0F83 8F010000 JNB JPM.1001B7E2 1001B653 8D045B LEA EAX,DWORD PTR DS:[EBX+EBX*2] 1001B656 8D0C80 LEA ECX,DWORD PTR DS:[EAX+EAX*4] 1001B659 33D2 XOR EDX,EDX 1001B65B 8BC1 MOV EAX,ECX 1001B65D F7F3 DIV EBX ; Integer division by zero 1001B65F 83F8 0F CMP EAX,0F image01s.png 100 84 image01.png Integer division by zero exception Integer division by zero exception