17 Dec 2013
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling the LZW code stream within GIF files and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.36. Prior versions may also be affected.
Update to version 4.37.
Dmitry Janushkevich, Secunia Research.