Irfanview
CVE-2017-15743
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0."
AnalysisAI
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0." Affected products include: Irfanview, Irfanview Cadimage. Version information: version 12.0.0.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute a
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x00000000
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Rated high severity (CVSS 7.8), th
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. Rated high severity (CVSS 7.8), th
irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerabili
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote
Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. Rated high
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. Rated hig
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code s
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today