KLA11205 Multiple vulnerabilities in IrfanView

Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A buffer overflow vulnerability can be exploited locally via a specially crafted *.dds file to cause a denial of service;
2. A buffer overflow vulnerability can be exploited locally via a specially crafted *.tif file to cause a denial of service;
3. Multiple buffer overflow vulnerabilities can be exploited locally via a specially crafted *.dwg file to cause a denial of service or execute arbitrary code.

Original advisories

Related products

IrfanView

CVE list

CVE-2017-15737 high

CVE-2017-15738 high

CVE-2017-15739 high

CVE-2017-15740 high

CVE-2017-15741 high

CVE-2017-15742 high

CVE-2017-15743 high

CVE-2017-15744 high

CVE-2017-15745 high

CVE-2017-15746 high

CVE-2017-15747 high

CVE-2017-15748 high

CVE-2017-15749 high

CVE-2017-15750 high

CVE-2017-15751 high

CVE-2017-15752 high

CVE-2017-15753 high

CVE-2017-15754 high

CVE-2017-15755 high

CVE-2017-15756 high

CVE-2017-15757 high

CVE-2017-15758 high

CVE-2017-15759 high

CVE-2017-15760 high

CVE-2017-15761 high

CVE-2017-15762 high

CVE-2017-15763 high

CVE-2017-15764 high

CVE-2017-15765 high

CVE-2017-15766 high

CVE-2017-15767 high

CVE-2017-15768 high

CVE-2017-15769 high

Solution

Update to the latest version

IrfanView – Official Homepage

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• IrfanView version 4.50