CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Irfanview : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6932 119 Exec Code Overflow 2013-12-27 2013-12-30
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
2 CVE-2013-5351 119 Exec Code Overflow 2014-02-14 2014-03-16
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
3 CVE-2012-5904 119 Exec Code Overflow 2012-11-17 2012-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
4 CVE-2012-3585 119 Exec Code Overflow 2012-07-05 2012-07-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
5 CVE-2012-0897 119 Exec Code Overflow 2012-01-20 2012-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
6 CVE-2012-0278 119 Exec Code Overflow 2012-04-18 2013-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
7 CVE-2012-0025 399 1 DoS 2012-11-02 2012-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
8 CVE-2011-5233 119 1 Exec Code Overflow 2012-10-25 2012-10-26
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
9 CVE-2010-1510 119 DoS Exec Code Overflow 2010-05-14 2010-08-21
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.
10 CVE-2010-1509 119 DoS Exec Code Overflow 2010-05-14 2010-08-21
5.0
None Remote Low Not required None None Partial
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."
11 CVE-2009-2118 94 Exec Code Overflow 2009-06-18 2009-06-24
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
12 CVE-2009-0197 189 DoS Exec Code Overflow 2009-04-09 2009-04-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
13 CVE-2008-0493 119 1 Exec Code Overflow 2008-01-30 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
14 CVE-2007-4343 119 Exec Code Overflow 2007-10-16 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.
15 CVE-2007-2363 1 Exec Code Overflow 2007-04-30 2008-11-13
8.5
Admin Remote Medium Single system Complete Complete Complete
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
16 CVE-2007-1948 DoS Exec Code Overflow 2007-04-10 2008-11-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
17 CVE-2007-1867 Exec Code Overflow 2007-04-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.
18 CVE-2007-1245 119 DoS Overflow 2007-03-03 2008-11-15
4.3
None Remote Medium Not required None None Partial
IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
19 CVE-2006-4374 DoS Overflow 2006-08-26 2008-09-05
2.6
None Remote High Not required None None Partial
IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.
20 CVE-2006-4231 DoS 2006-08-18 2008-09-05
2.6
None Remote High Not required None None Partial
IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.
21 CVE-1999-1112 Exec Code Overflow 1999-11-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.