KLA11205
Multiple vulnerabilities in IrfanView
Updated: 03/15/2018
CVSS
?
6.8
Detect date
?
10/22/2017
Severity
?
High
Description

Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally via a specially crafted *.dds file to cause a denial of service;
  2. A buffer overflow vulnerability can be exploited locally via a specially crafted *.tif file to cause a denial of service;
  3. Multiple buffer overflow vulnerabilities can be exploited locally via a specially crafted *.dwg file to cause a denial of service or execute arbitrary code.
Affected products

IrfanView version 4.50

Solution

Update to the latest version
IrfanView – Official Homepage

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
IrfanView
CVE-IDS
?

CVE-2017-15769
CVE-2017-15768
CVE-2017-15767
CVE-2017-15766
CVE-2017-15765
CVE-2017-15764
CVE-2017-15763
CVE-2017-15762
CVE-2017-15761
CVE-2017-15760
CVE-2017-15759
CVE-2017-15758
CVE-2017-15757
CVE-2017-15756
CVE-2017-15755
CVE-2017-15754
CVE-2017-15753
CVE-2017-15752
CVE-2017-15751
CVE-2017-15750
CVE-2017-15749
CVE-2017-15748
CVE-2017-15747
CVE-2017-15746
CVE-2017-15745
CVE-2017-15744
CVE-2017-15743
CVE-2017-15742
CVE-2017-15741
CVE-2017-15740
CVE-2017-15739
CVE-2017-15738
CVE-2017-15737