Summary
| Detail | |||
|---|---|---|---|
| Vendor | Irfanview | First view | 1999-11-09 |
| Product | Irfanview | Last view | 2023-04-04 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2023-04-04 | CVE-2023-26974 | Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. |
| 7.8 | 2023-03-28 | CVE-2023-24304 | Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file. |
| 7.8 | 2022-09-16 | CVE-2020-23560 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. |
| 7.8 | 2022-09-16 | CVE-2020-23559 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. |
| 7.8 | 2022-09-16 | CVE-2020-23558 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. |
| 7.8 | 2022-09-16 | CVE-2020-23557 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. |
| 7.8 | 2022-09-16 | CVE-2020-23556 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. |
| 7.8 | 2022-09-16 | CVE-2020-23555 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. |
| 7.8 | 2022-09-16 | CVE-2020-23554 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. |
| 7.8 | 2022-09-16 | CVE-2020-23553 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. |
| 7.8 | 2022-09-16 | CVE-2020-23552 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. |
| 7.8 | 2022-09-16 | CVE-2020-23551 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. |
| 7.8 | 2022-09-16 | CVE-2020-23550 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. |
| 5.5 | 2022-07-18 | CVE-2020-23563 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. |
| 5.5 | 2022-07-18 | CVE-2020-23562 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe. |
| 5.5 | 2022-07-18 | CVE-2020-23561 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722. |
| 7.8 | 2022-03-23 | CVE-2021-46064 | IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image. |
| 7.8 | 2021-12-15 | CVE-2020-23545 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. |
| 5.5 | 2021-11-05 | CVE-2020-23567 | Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea" |
| 5.5 | 2021-11-05 | CVE-2020-23566 | Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. |
| 7.8 | 2021-11-05 | CVE-2020-23565 | Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850". |
| 7.8 | 2021-10-28 | CVE-2020-23549 | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". |
| 7.8 | 2021-10-28 | CVE-2020-23546 | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. |
| 7.8 | 2021-09-28 | CVE-2021-29367 | A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. |
| 7.8 | 2021-09-28 | CVE-2021-29366 | A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 72% (123) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (34) | CWE-787 | Out-of-bounds Write |
| 2% (5) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (2) | CWE-20 | Improper Input Validation |
| 0% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 0% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 0% (1) | CWE-369 | Divide By Zero |
| 0% (1) | CWE-190 | Integer Overflow or Wraparound |
| 0% (1) | CWE-125 | Out-of-bounds Read |
| 0% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:22597 | Vulnerability in IrfanView 4.23 in integer overflow |
| oval:org.mitre.oval:def:6705 | Heap-based buffer overflow in IrfanView via a crafted PSD image with RLE comp... |
| oval:org.mitre.oval:def:7397 | Heap-based buffer overflow vulnerability in IrfanView related to PSD image |
| oval:org.mitre.oval:def:22613 | Vulnerability in IrfanView before 4.33 in stack-based buffer overflow in the ... |
| oval:org.mitre.oval:def:22068 | Vulnerability in IrfanView before 4.32 in Heap-based buffer overflow |
| oval:org.mitre.oval:def:22279 | Vulnerability in IrfanView before 4.33 in Heap-based buffer overflow |
| oval:org.mitre.oval:def:22611 | Vulnerability in IrfanView before 4.37 in buffer overflow |
| oval:org.mitre.oval:def:22051 | Vulnerability in IrfanView before 4.37 in Heap-based buffer overflow |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 64628 | IrfanView RLE Compressed PSD Image Handling Overflow |
| 64627 | IrfanView PSD Image Handling Overflow |
| 55150 | IrfanView 1BPP Image Resampling TIFF File Handling Overflow |
| 41554 | IrfanView BMP Image Non-RLE Encoded Block Handling Overflow |
| 40770 | IrfanView FlashPix Plug-in Crafted FlashPix Memory Corruption |
| 40160 | IrfanView Crafted Palette File Arbitrary Remote Code Execution |
| 35463 | IrfanView Formats Plug-in IFF File Handling Overflow |
| 34680 | IrfanView Animated Cursor Handling Overflow |
| 34487 | IrfanView Malformed WMF File Handling DoS |
| 29359 | InfanView Crafted ANI Image DoS |
| 29164 | InfanView Crafted CUR Image File DoS |
| 10237 | IrfanView32 8BPS PhotoShop Image Header Arbitrary Command Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-02-01 | Name : IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability File : nvt/gb_irfanview_jpeg2000_bof_vuln.nasl |
| 2010-05-19 | Name : IrfanView Buffer Overflow Vulnerabilities File : nvt/gb_irfanview_bof_vuln.nasl |
| 2009-06-24 | Name : IrfanView Integer Overflow Vulnerability File : nvt/secpod_irfanview_int_overflow_vuln.nasl |
| 2008-09-04 | Name : FreeBSD Ports: p5-Imager File : nvt/freebsd_p5-Imager.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0076 | Multiple Vulnerabilities in VMware Horizon View Client Severity: Category I - VMSKEY: V0060965 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-04-12 | IrfanView JPEG2000 reference tile width value buffer overflow attempt RuleID : 42178 - Type : FILE-OTHER - Revision : 3 |
| 2017-04-12 | IrfanView JPEG2000 reference tile width value buffer overflow attempt RuleID : 42177 - Type : FILE-OTHER - Revision : 3 |
| 2015-07-28 | VMWare Workstation JPEG2000 stack overflow attempt RuleID : 34987 - Type : FILE-OTHER - Revision : 3 |
| 2015-07-28 | VMWare Workstation JPEG2000 stack overflow attempt RuleID : 34986 - Type : FILE-OTHER - Revision : 3 |
| 2015-07-28 | VMWare Workstation JPEG2000 stack overflow attempt RuleID : 34985 - Type : FILE-OTHER - Revision : 3 |
| 2015-07-28 | VMWare Workstation JPEG2000 stack overflow attempt RuleID : 34984 - Type : FILE-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-06-16 | Name: The remote host has a virtualization application installed that is affected b... File: vmware_player_6_0_6_vmsa_2015-0004.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote host has a virtualization application installed that is affected b... File: vmware_player_7_1_1_vmsa_2015-0004.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote host has a virtualization application installed that is affected b... File: vmware_workstation_multiple_vmsa_2015_0004.nasl - Type: ACT_GATHER_INFO |
| 2015-06-12 | Name: The remote host has a virtual desktop solution installed that is affected by ... File: vmware_horizon_view_client_vmsa_2015_0004.nasl - Type: ACT_GATHER_INFO |
| 2014-02-07 | Name: A graphic viewer installed on the remote host is affected by multiple buffer ... File: irfanview_437.nasl - Type: ACT_GATHER_INFO |
| 2012-07-05 | Name: The remote host has an application installed that is affected by a stack-base... File: irfanview_jpeg2000_stack_overflow.nasl - Type: ACT_GATHER_INFO |
| 2012-04-03 | Name: A graphic viewer on the remote host is affected by a buffer overflow vulnerab... File: irfanview_433.nasl - Type: ACT_GATHER_INFO |
| 2012-01-16 | Name: An application on the remote Windows host is affected by a buffer overflow vu... File: irfanview_432.nasl - Type: ACT_GATHER_INFO |
| 2007-05-02 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_632c98beaad24af2849f41a6862afd6a.nasl - Type: ACT_GATHER_INFO |
