Irfanview Security Vulnerabilities and Issues — Page 4 of Irfanview CVE List

CVE•added 2024/11/22 9:15 p.m.•40 views

CVE-2024-11570

IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

7.8CVSS8AI score0.00143EPSS

CVE•added 2024/08/28 6:15 p.m.•40 views

CVE-2024-44913

An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS6.7AI score0.0001EPSS

CVE•added 2024/08/28 6:15 p.m.•40 views

CVE-2024-44915

An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS6.7AI score0.00032EPSS

CVE•added 2024/11/22 8:15 p.m.•40 views

CVE-2024-5874

IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS8AI score0.00603EPSS

CVE•added 2010/05/14 7:30 p.m.•39 views

CVE-2010-1510

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.

5CVSS8.4AI score0.04765EPSS

CVE-2017-15741

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Possible Stack Corruption starting at CADIMAGE+0x00000000003d2378."

CVE-2017-15751

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39."

CVE-2017-15757

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029...

7.8CVSS8AI score0.00189EPSS

CVE-2017-15765

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x...

7.8CVSS7.9AI score0.00341EPSS

CVE-2017-9528

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53."

7.8CVSS7.9AI score0.00209EPSS

CVE-2017-9532

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX+0x0000000000001555."

7.8CVSS7.9AI score0.00209EPSS

CVE-2017-9535

7.8CVSS7.9AI score0.00392EPSS

CVE-2017-9878

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c99a."

7.8CVSS7.9AI score0.00194EPSS

CVE-2017-9915

IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033."

CVE•added 2019/10/08 12:15 p.m.•39 views

CVE-2019-17243

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.

7.8CVSS7.6AI score0.00347EPSS

CVE•added 2019/10/08 12:15 p.m.•39 views

CVE-2019-17247

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.

CVE•added 2019/10/08 12:15 p.m.•39 views

CVE-2019-17255

IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.

CVE•added 2022/07/18 12:15 a.m.•39 views

CVE-2020-23561

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.

5.5CVSS5.5AI score0.00134EPSS

7.8CVSS8.1AI score0.00053EPSS

CVE-2024-11511

IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit...

7.8CVSS8AI score0.00058EPSS

CVE-2024-11512

IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a mali...

CVE-2024-11543

7.8CVSS8AI score0.00058EPSS

CVE-2024-11565

IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2024-11574

CVE•added 2024/08/28 6:15 p.m.•39 views

CVE-2024-44914

An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS6.7AI score0.00032EPSS

CVE•added 2024/11/22 10:15 p.m.•39 views

CVE-2024-6819

IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS8AI score0.00086EPSS

CVE•added 2007/04/30 10:19 p.m.•38 views

CVE-2007-2363

Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.

8.5CVSS7.8AI score0.22291EPSS

CVE•added 2010/05/14 7:30 p.m.•38 views

CVE-2010-1509

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, rela...

5CVSS8.3AI score0.03679EPSS

CVE•added 2017/10/22 8:29 p.m.•38 views

CVE-2017-15745

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000002ca2e."

CVE•added 2017/10/22 8:29 p.m.•38 views

CVE-2017-15768

IrfanView version 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113."

7.8CVSS8AI score0.00189EPSS

CVE•added 2017/07/05 8:29 p.m.•38 views

CVE-2017-9534

7.8CVSS7.9AI score0.00209EPSS

CVE•added 2017/07/05 8:29 p.m.•38 views

CVE-2017-9923

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x0000000000000589."

7.8CVSS7.8AI score0.00033EPSS

CVE•added 2019/09/25 6:15 p.m.•38 views

CVE-2019-16887

In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.

7.8CVSS7.5AI score0.0016EPSS

CVE•added 2019/10/08 12:15 p.m.•38 views

CVE-2019-17250

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.

CVE•added 2019/10/08 12:15 p.m.•38 views

CVE-2019-17253

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.

CVE•added 2019/10/08 12:15 p.m.•38 views

CVE-2019-17256

IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.

CVE•added 2020/06/10 7:15 p.m.•38 views

CVE-2020-13905

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.

8.8CVSS8.6AI score0.0026EPSS

7.8CVSS8.1AI score0.00105EPSS

CVE-2024-11519

IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

7.8CVSS8AI score0.00078EPSS

CVE-2024-11521

IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...

CVE-2024-11522

7.8CVSS8AI score0.00058EPSS

CVE-2024-11550

IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...