IrfanviewCVEs & Vulnerabilities

381 CVEs affecting Irfanview products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

irfanview 812fpx 32pdf 25babacad4image 16cadimage 15tools 10formats 8flashpix plugin 4
CVE-2020-23556HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.

16 Sep 2022
7.8
CVSS
CVE-2020-23555HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.

16 Sep 2022
7.8
CVSS
CVE-2020-23554HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.

16 Sep 2022
7.8
CVSS
CVE-2020-23553HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.

16 Sep 2022
7.8
CVSS
CVE-2020-23552HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.

16 Sep 2022
7.8
CVSS
CVE-2020-23551HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.

16 Sep 2022
7.8
CVSS
CVE-2020-23550HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.

16 Sep 2022
7.8
CVSS
CVE-2020-23563MEDIUM

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.

18 Jul 2022
5.5
CVSS
CVE-2020-23562MEDIUM

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.

18 Jul 2022
5.5
CVSS
CVE-2020-23561MEDIUM

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.

18 Jul 2022
5.5
CVSS
CVE-2021-46064HIGH

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.

23 Mar 2022
7.8
CVSS
CVE-2020-23545HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.

15 Dec 2021
7.8
CVSS
CVE-2020-23567MEDIUM

Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea"

5 Nov 2021
5.5
CVSS
CVE-2020-23566MEDIUM

Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.

5 Nov 2021
5.5
CVSS
CVE-2020-23565HIGH

Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".

5 Nov 2021
7.8
CVSS
CVE-2020-23549HIGH

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6".

29 Oct 2021
7.8
CVSS
CVE-2020-23546HIGH

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.

29 Oct 2021
7.8
CVSS
CVE-2021-29367HIGH

A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.

28 Sep 2021
7.8
CVSS
CVE-2021-29366HIGH

A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.

28 Sep 2021
7.8
CVSS
CVE-2021-29365MEDIUM

Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).

28 Sep 2021
5.5
CVSS
CVE-2021-29364HIGH

A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.

28 Sep 2021
7.8
CVSS
CVE-2021-29363HIGH

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74

28 Sep 2021
7.8
CVSS
CVE-2021-29362HIGH

A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.

28 Sep 2021
7.8
CVSS
CVE-2021-29361HIGH

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.

28 Sep 2021
7.8
CVSS
CVE-2021-29360HIGH

A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.

28 Sep 2021
7.8
CVSS
CVE-2021-29358MEDIUM

A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file.

28 Sep 2021
5.5
CVSS
CVE-2021-27362CRITICAL

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.

17 Feb 2021
9.8
CVSS
CVE-2021-27224HIGH

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.

17 Feb 2021
7.5
CVSS
CVE-2020-35133HIGH

irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60.

16 Dec 2020
7.5
CVSS
CVE-2020-13906HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7.

10 Jun 2020
7.8
CVSS
CVE-2020-13905HIGH

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.

10 Jun 2020
8.8
CVSS
CVE-2013-3486CRITICAL

IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability

27 Jan 2020
9.6
CVSS
CVE-2019-17258HIGH

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.

8 Oct 2019
7.8
CVSS
CVE-2019-17257MEDIUM

IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.

8 Oct 2019
5.5
CVSS
CVE-2019-17256HIGH

IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.

8 Oct 2019
7.8
CVSS
CVE-2019-17255HIGH

IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.

8 Oct 2019
7.8
CVSS
CVE-2019-17254HIGH

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.

8 Oct 2019
7.8
CVSS
CVE-2019-17253HIGH

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.

8 Oct 2019
7.8
CVSS
CVE-2019-17252HIGH

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.

8 Oct 2019
7.8
CVSS
CVE-2019-17251HIGH

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.

8 Oct 2019
7.8
CVSS
CVE-2019-17250HIGH

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.

8 Oct 2019
7.8
CVSS
CVE-2019-17249HIGH

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.

8 Oct 2019
7.8
CVSS
CVE-2019-17248HIGH

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.

8 Oct 2019
7.8
CVSS
CVE-2019-17247HIGH

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.

8 Oct 2019
7.8
CVSS
CVE-2019-17246HIGH

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.

8 Oct 2019
7.8
CVSS
CVE-2019-17245HIGH

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.

8 Oct 2019
7.8
CVSS
CVE-2019-17244HIGH

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.

8 Oct 2019
7.8
CVSS
CVE-2019-17243HIGH

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.

8 Oct 2019
7.8
CVSS