Shodan
Vulnerabilities
Vulnerable Software
Irfanview:  >> Irfanview  >> 2.97  Security Vulnerabilities
CVE-2013-5351
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
CVSS Score
7.5
EPSS Score
0.055
Published
2014-02-14
CVE-2013-6932
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
CVSS Score
7.6
EPSS Score
0.099
Published
2013-12-28
CVE-2012-5904
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
CVSS Score
6.8
EPSS Score
0.041
Published
2012-11-17
CVE-2011-5233
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
CVSS Score
4.3
EPSS Score
0.485
Published
2012-10-25
CVE-2012-3585
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
CVSS Score
9.3
EPSS Score
0.263
Published
2012-07-05
CVE-2012-0278
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
CVSS Score
9.3
EPSS Score
0.391
Published
2012-04-18
CVE-2012-0897
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
CVSS Score
6.8
EPSS Score
0.646
Published
2012-01-20
CVE-2010-1509
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."
CVSS Score
5.0
EPSS Score
0.037
Published
2010-05-14
CVE-2010-1510
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.
CVSS Score
5.0
EPSS Score
0.048
Published
2010-05-14
CVE-2007-2363
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
CVSS Score
8.5
EPSS Score
0.227
Published
2007-04-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved