IrfanviewCVEs & Vulnerabilities

381 CVEs affecting Irfanview products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

irfanview 812fpx 32pdf 25babacad4image 16cadimage 15tools 10formats 8flashpix plugin 4
CVE-2017-9873HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2."

5 Jul 2017
7.8
CVSS
CVE-2017-9536HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014eb."

5 Jul 2017
7.8
CVSS
CVE-2017-9535HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53."

5 Jul 2017
7.8
CVSS
CVE-2017-9534HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426."

5 Jul 2017
7.8
CVSS
CVE-2017-9533HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b."

5 Jul 2017
7.8
CVSS
CVE-2017-9532HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX+0x0000000000001555."

5 Jul 2017
7.8
CVSS
CVE-2017-9531HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX+0x000000000000176c."

5 Jul 2017
7.8
CVSS
CVE-2017-9530HIGH

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000150."

5 Jul 2017
7.8
CVSS
CVE-2017-9528HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53."

5 Jul 2017
7.8
CVSS
CVE-2017-8766HIGH

IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a "User Mode Write AV near NULL" issue.

5 Jul 2017
7.8
CVSS
CVE-2017-8370HIGH

IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721.

5 Jul 2017
7.8
CVSS
CVE-2017-8369HIGH

IrfanView version 4.44 (32bit) has a "Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3" issue, which might allow attackers to execute arbitrary code via a crafted file.

5 Jul 2017
7.8
CVSS
CVE-2017-10926HIGH

IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

5 Jul 2017
7.8
CVSS
CVE-2017-10925HIGH

IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae."

5 Jul 2017
7.8
CVSS
CVE-2017-10924HIGH

IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529."

5 Jul 2017
7.8
CVSS
CVE-2017-10735HIGH

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca."

5 Jul 2017
7.8
CVSS
CVE-2017-10734HIGH

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to an "Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

5 Jul 2017
7.8
CVSS
CVE-2017-10733HIGH

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031."

5 Jul 2017
7.8
CVSS
CVE-2017-10732HIGH

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429."

5 Jul 2017
7.8
CVSS
CVE-2017-10731HIGH

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80."

5 Jul 2017
7.8
CVSS
CVE-2017-10730HIGH

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96."

5 Jul 2017
7.8
CVSS
CVE-2017-10729HIGH

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."

5 Jul 2017
7.8
CVSS
CVE-2017-2813HIGH

An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.

21 Jun 2017
8.8
CVSS
CVE-2017-7721HIGH

IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.

30 Apr 2017
7.8
CVSS
CVE-2013-5351HIGH

Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.

14 Feb 2014
7.5
CVSS
CVE-2013-6932HIGH

Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.

28 Dec 2013
7.6
CVSS
CVE-2012-5904MEDIUM

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.

17 Nov 2012
6.8
CVSS
CVE-2012-0025MEDIUMpoc

Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.

2 Nov 2012
6.8
CVSS
CVE-2011-5233MEDIUMpoc

Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.

25 Oct 2012
4.3
CVSS
CVE-2012-3585CRITICALpoc

Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.

6 Jul 2012
9.3
CVSS
CVE-2012-0278CRITICALpoc

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.

18 Apr 2012
9.3
CVSS
CVE-2012-0897MEDIUMpoc

Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

20 Jan 2012
6.8
CVSS
CVE-2010-1510MEDIUM

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.

14 May 2010
5.0
CVSS
CVE-2010-1509MEDIUM

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."

14 May 2010
5.0
CVSS
CVE-2009-2118MEDIUM

Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.

19 Jun 2009
6.8
CVSS
CVE-2009-0197CRITICAL

Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.

9 Apr 2009
9.3
CVSS
CVE-2008-0493CRITICALpoc

fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.

31 Jan 2008
9.3
CVSS
CVE-2007-4343MEDIUM

Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.

17 Oct 2007
5.1
CVSS
CVE-2007-2363HIGHpoc

Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.

1 May 2007
8.5
CVSS
CVE-2007-1948CRITICALpoc

Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.

11 Apr 2007
9.3
CVSS
CVE-2007-1867CRITICALpoc

Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.

4 Apr 2007
10.0
CVSS
CVE-2007-1245MEDIUM

IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.

3 Mar 2007
4.3
CVSS
CVE-2006-4374LOWpoc

IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.

27 Aug 2006
2.6
CVSS
CVE-2006-4231LOW

IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.

18 Aug 2006
2.6
CVSS
CVE-1999-1112HIGHpoc

Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.

9 Nov 1999
7.5
CVSS
← PrevPage 8 / 8Next →