KLA11205
Multiple vulnerabilities in IrfanView
Updated: 06/26/2019
Detect date
?
10/22/2017
Severity
?
High
Description

Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally via a specially crafted *.dds file to cause a denial of service;
  2. A buffer overflow vulnerability can be exploited locally via a specially crafted *.tif file to cause a denial of service;
  3. Multiple buffer overflow vulnerabilities can be exploited locally via a specially crafted *.dwg file to cause a denial of service or execute arbitrary code.
Affected products

IrfanView version 4.50

Solution

Update to the latest version
IrfanView – Official Homepage

Impacts
?
ACE 
[?]

DoS 
[?]
CVE-IDS
?