Filtered by vendor Irfanview
Subscriptions
Filtered by product Irfanview
Subscriptions
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9259 | 1 Irfanview | 1 Irfanview | 2024-11-25 | 7.8 High |
| IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23278. | ||||
| CVE-2024-5877 | 1 Irfanview | 1 Irfanview | 2024-11-22 | N/A |
| IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23974. | ||||
| CVE-2024-5876 | 1 Irfanview | 1 Irfanview | 2024-11-22 | N/A |
| IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23973. | ||||
| CVE-2024-5875 | 1 Irfanview | 1 Irfanview | 2024-11-22 | N/A |
| IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SHP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23972. | ||||
| CVE-2024-5874 | 1 Irfanview | 1 Irfanview | 2024-11-22 | N/A |
| IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNT files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23969. | ||||
| CVE-2021-46064 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image. | ||||
| CVE-2021-29367 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. | ||||
| CVE-2021-29366 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29365 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). | ||||
| CVE-2021-29364 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29363 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74 | ||||
| CVE-2021-29362 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29361 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29360 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29358 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. | ||||
| CVE-2021-27362 | 1 Irfanview | 2 Irfanview, Wpg | 2024-11-21 | 9.8 Critical |
| The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. | ||||
| CVE-2021-27224 | 1 Irfanview | 2 Irfanview, Wpg | 2024-11-21 | 7.5 High |
| The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. | ||||
| CVE-2020-35133 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.5 High |
| irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60. | ||||
| CVE-2020-23567 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea" | ||||
| CVE-2020-23566 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. | ||||