Skip to main content

Irfanview CVE-2013-6932

HIGH
Buffer Overflow (CWE-119)
2013-12-28 vultures@jpcert.or.jp
7.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
High
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Dec 28, 2013 - 04:53 cve.org
HIGH 7.6

DescriptionCVE.org

Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.

AnalysisAI

Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. Affected products include: Irfanview. Version information: before 4.37.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2012-0897 MEDIUM POC
6.8 Jan 20

Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute a

CVE-2019-16887 HIGH POC
7.8 Sep 25

In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x00000000

CVE-2019-13243 HIGH POC
7.8 Jul 04

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Rated high severity (CVSS 7.8), th

CVE-2019-13242 HIGH POC
7.8 Jul 04

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. Rated high severity (CVSS 7.8), th

CVE-2020-35133 HIGH POC
7.5 Dec 16

irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2023-26974 MEDIUM POC
5.5 Apr 04

Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000

CVE-2017-2813 HIGH
8.8 Jun 21

An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. Rated high

CVE-2020-13905 HIGH
8.8 Jun 10

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. Rated hig

CVE-2013-5351 HIGH
7.5 Feb 14

Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code s

CVE-2012-5904 MEDIUM
6.8 Nov 17

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE

CVE-2017-9528 HIGH
7.8 Jul 05

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial

CVE-2017-8370 HIGH
7.8 Jul 05

IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial

Share

CVE-2013-6932 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy