CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5876 – IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5876
12 Jun 2024 — IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-bas... • https://www.zerodayinitiative.com/advisories/ZDI-24-669 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5877 – IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5877
12 Jun 2024 — IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an al... • https://www.zerodayinitiative.com/advisories/ZDI-24-666 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13879
https://notcve.org/view.php?id=CVE-2020-13879
05 Jan 2024 — IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. rfanView B3D PlugIns anteriores a la versión 4.56 tienen una escritura fuera de los límites basada en montón B3d.dll!+214f. • https://gist.github.com/oicu0619/878b8c37f238f4de5ff543973ef083f5 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13878
https://notcve.org/view.php?id=CVE-2020-13878
05 Jan 2024 — IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. IrfanView B3D PlugIns anteriores a la versión 4.56 tienen una escritura fuera de los límites basada en montón B3d.dll!+27ef. • https://gist.github.com/oicu0619/2b0eb7dd447aca8f4ab398a99f47488b • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13880
https://notcve.org/view.php?id=CVE-2020-13880
05 Jan 2024 — IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. IrfanView B3D PlugIns anteriores a la versión 4.56 tienen una escritura fuera de los límites basada en montón B3d.dll!+1cbf. • https://gist.github.com/oicu0619/2de8f91ddc6b06b516475d5d67d7efba • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26974
https://notcve.org/view.php?id=CVE-2023-26974
04 Apr 2023 — Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. • https://github.com/overXsky/IrfanviewPoc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24304
https://notcve.org/view.php?id=CVE-2023-24304
28 Mar 2023 — Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file. • https://www.sit.fraunhofer.de/CVE-2023-24304 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23560
https://notcve.org/view.php?id=CVE-2020-23560
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23559
https://notcve.org/view.php?id=CVE-2020-23559
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000007d7f • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23558
https://notcve.org/view.php?id=CVE-2020-23558
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000007f4b • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •