Vendor CVEs
IrfanView
All CVEs
385 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13905 | 0.00 | — | 0.03 | Jun 10, 2020 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. | |||
| CVE-2013-3486 | 0.00 | — | 0.02 | Jan 27, 2020 | IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability | |||
| CVE-2013-3945 | 0.00 | — | 0.02 | Jan 2, 2020 | The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. | |||
| CVE-2013-3946 | 0.00 | — | 0.02 | Jan 2, 2020 | Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | |||
| CVE-2019-17258 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. | |||
| CVE-2019-17257 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80. | |||
| CVE-2019-17256 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. | |||
| CVE-2019-17255 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. | |||
| CVE-2019-17254 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. | |||
| CVE-2019-17253 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. | |||
| CVE-2019-17252 | 0.00 | — | 0.03 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. | |||
| CVE-2019-17251 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. | |||
| CVE-2019-17250 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. | |||
| CVE-2019-17249 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. | |||
| CVE-2019-17248 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. | |||
| CVE-2019-17247 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8. | |||
| CVE-2019-17246 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. | |||
| CVE-2019-17245 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. | |||
| CVE-2019-17244 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a. | |||
| CVE-2019-17243 | 0.00 | — | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155. | |||
| CVE-2019-17242 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. | |||
| CVE-2019-17241 | 0.00 | — | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. | |||
| CVE-2019-16887 | 0.00 | — | 0.02 | Sep 25, 2019 | In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | |||
| CVE-2019-13243 | 0.00 | — | 0.02 | Jul 4, 2019 | IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. | |||
| CVE-2019-13242 | 0.00 | — | 0.02 | Jul 4, 2019 | IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. | |||
| CVE-2013-5351 | 0.00 | — | 0.05 | Feb 14, 2014 | Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file. | |||
| CVE-2013-6932 | 0.00 | — | 0.06 | Dec 28, 2013 | Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | |||
| CVE-2012-5904 | 0.00 | — | 0.06 | Nov 17, 2012 | Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. | |||
| CVE-2010-1510 | 0.00 | — | 0.04 | May 14, 2010 | Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. | |||
| CVE-2010-1509 | 0.00 | — | 0.04 | May 14, 2010 | IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based… | |||
| CVE-2009-2118 | 0.00 | — | 0.03 | Jun 18, 2009 | Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | |||
| CVE-2009-0197 | 0.00 | — | 0.05 | Apr 9, 2009 | Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow. | |||
| CVE-2007-4343 | 0.00 | — | 0.03 | Oct 16, 2007 | Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file. | |||
| CVE-2007-1245 | 0.00 | — | 0.01 | Mar 3, 2007 | IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file. | |||
| CVE-2006-4231 | 0.00 | — | 0.01 | Aug 18, 2006 | IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. |
- CVE-2020-13905Jun 10, 2020risk 0.00cvss —epss 0.03
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.
- CVE-2013-3486Jan 27, 2020risk 0.00cvss —epss 0.02
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability
- CVE-2013-3945Jan 2, 2020risk 0.00cvss —epss 0.02
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
- CVE-2013-3946Jan 2, 2020risk 0.00cvss —epss 0.02
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
- CVE-2019-17258Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.
- CVE-2019-17257Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.
- CVE-2019-17256Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.
- CVE-2019-17255Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.
- CVE-2019-17254Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.
- CVE-2019-17253Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.
- CVE-2019-17252Oct 8, 2019risk 0.00cvss —epss 0.03
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.
- CVE-2019-17251Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.
- CVE-2019-17250Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.
- CVE-2019-17249Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.
- CVE-2019-17248Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.
- CVE-2019-17247Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.
- CVE-2019-17246Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.
- CVE-2019-17245Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.
- CVE-2019-17244Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.
- CVE-2019-17243Oct 8, 2019risk 0.00cvss —epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.
- CVE-2019-17242Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.
- CVE-2019-17241Oct 8, 2019risk 0.00cvss —epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.
- CVE-2019-16887Sep 25, 2019risk 0.00cvss —epss 0.02
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
- CVE-2019-13243Jul 4, 2019risk 0.00cvss —epss 0.02
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.
- CVE-2019-13242Jul 4, 2019risk 0.00cvss —epss 0.02
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.
- CVE-2013-5351Feb 14, 2014risk 0.00cvss —epss 0.05
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
- CVE-2013-6932Dec 28, 2013risk 0.00cvss —epss 0.06
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
- CVE-2012-5904Nov 17, 2012risk 0.00cvss —epss 0.06
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
- CVE-2010-1510May 14, 2010risk 0.00cvss —epss 0.04
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.
- CVE-2010-1509May 14, 2010risk 0.00cvss —epss 0.04
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based…
- CVE-2009-2118Jun 18, 2009risk 0.00cvss —epss 0.03
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
- CVE-2009-0197Apr 9, 2009risk 0.00cvss —epss 0.05
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
- CVE-2007-4343Oct 16, 2007risk 0.00cvss —epss 0.03
Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.
- CVE-2007-1245Mar 3, 2007risk 0.00cvss —epss 0.01
IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
- CVE-2006-4231Aug 18, 2006risk 0.00cvss —epss 0.01
IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.
Page 8 of 8