Lucene search

K
kasperskyKaspersky LabKLA11205
HistoryOct 22, 2017 - 12:00 a.m.

KLA11205 Multiple vulnerabilities in IrfanView

2017-10-2200:00:00
Kaspersky Lab
threats.kaspersky.com
18

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

33.3%

Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally via a specially crafted *.dds file to cause a denial of service;
  2. A buffer overflow vulnerability can be exploited locally via a specially crafted *.tif file to cause a denial of service;
  3. Multiple buffer overflow vulnerabilities can be exploited locally via a specially crafted *.dwg file to cause a denial of service or execute arbitrary code.

Original advisories

Related products

IrfanView

CVE list

CVE-2017-15737 high

CVE-2017-15738 high

CVE-2017-15739 high

CVE-2017-15740 high

CVE-2017-15741 high

CVE-2017-15742 high

CVE-2017-15743 high

CVE-2017-15744 high

CVE-2017-15745 high

CVE-2017-15746 high

CVE-2017-15747 high

CVE-2017-15748 high

CVE-2017-15749 high

CVE-2017-15750 high

CVE-2017-15751 high

CVE-2017-15752 high

CVE-2017-15753 high

CVE-2017-15754 high

CVE-2017-15755 high

CVE-2017-15756 high

CVE-2017-15757 high

CVE-2017-15758 high

CVE-2017-15759 high

CVE-2017-15760 high

CVE-2017-15761 high

CVE-2017-15762 high

CVE-2017-15763 high

CVE-2017-15764 high

CVE-2017-15765 high

CVE-2017-15766 high

CVE-2017-15767 high

CVE-2017-15768 high

CVE-2017-15769 high

Solution

Update to the latest version

IrfanView – Official Homepage

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • IrfanView version 4.50

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

33.3%