Irfanview : Security Vulnerabilities, CVEs, CVSS score >= 9
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.97%
Published
2021-02-17
Updated
2021-02-22
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-05
Updated
2024-01-10
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-05
Updated
2024-01-10
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-05
Updated
2024-01-10
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability
Max CVSS
9.6
EPSS Score
0.33%
Published
2020-01-27
Updated
2020-01-30
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
Max CVSS
9.3
EPSS Score
0.67%
Published
2012-07-05
Updated
2012-07-17
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
Max CVSS
9.3
EPSS Score
18.95%
Published
2012-04-18
Updated
2013-02-15
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.13%
Published
2009-04-09
Updated
2018-10-11
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
13.39%
Published
2008-01-30
Updated
2017-09-29
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
Max CVSS
9.3
EPSS Score
0.53%
Published
2007-04-11
Updated
2018-10-16
Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.
Max CVSS
10.0
EPSS Score
10.30%
Published
2007-04-04
Updated
2017-10-19
11 vulnerabilities found