Flashpix Plugin
Monthly
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.4%.
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.3%.
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.4%.
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.3%.