Vulnerability Details : CVE-2012-5904
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2012-5904
Probability of exploitation activity in the next 30 days: 7.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2012-5904
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2012-5904
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5904
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74452
  IrfanView .dib, .rle, and .bmp file buffer overflow CVE-2012-5904 Vulnerability Report
- http://www.irfanview.com/history_old.htm
  History of IrfanView changes/versions
- http://www.securityfocus.com/bid/52806
  IrfanView Bitmap File Remote Heap Based Buffer Overflow Vulnerability
Products affected by CVE-2012-5904
- cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.99:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.23:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.61:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.60:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.21:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.05:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.83:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.82:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.55:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.07:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.92:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.91:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.51:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.50:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.17:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.68:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.75:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.70:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.33:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.30:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.07:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.63:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.36:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.35:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.92:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.66:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.65:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.37:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.99:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.98a:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.28:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.27:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.30:*:*:*:*:*:*:*