Irfanview: >> Irfanview >> 4.57 Security Vulnerabilities
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).
CVSS Score
5.5
EPSS Score
0.002
Published
2021-09-28
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28
A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-09-28
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.04
Published
2021-02-17
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.042
Published
2021-02-17
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
CVSS Score
9.3
EPSS Score
0.275
Published
2012-07-05
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
CVSS Score
9.3
EPSS Score
0.391
Published
2012-04-18
Page 11