CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5876 – IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5876
12 Jun 2024 — IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-bas... • https://www.zerodayinitiative.com/advisories/ZDI-24-669 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5877 – IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5877
12 Jun 2024 — IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an al... • https://www.zerodayinitiative.com/advisories/ZDI-24-666 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26974
https://notcve.org/view.php?id=CVE-2023-26974
04 Apr 2023 — Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. • https://github.com/overXsky/IrfanviewPoc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24304
https://notcve.org/view.php?id=CVE-2023-24304
28 Mar 2023 — Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file. • https://www.sit.fraunhofer.de/CVE-2023-24304 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23560
https://notcve.org/view.php?id=CVE-2020-23560
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23559
https://notcve.org/view.php?id=CVE-2020-23559
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000007d7f • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23558
https://notcve.org/view.php?id=CVE-2020-23558
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x000000007f4b • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23557
https://notcve.org/view.php?id=CVE-2020-23557
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!ShowPlugInSaveOptions_W+0x00000000755d • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23556
https://notcve.org/view.php?id=CVE-2020-23556
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!GetPlugInInfo+0x000000007e28 • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23555
https://notcve.org/view.php?id=CVE-2020-23555
16 Sep 2022 — IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. IrfanView versión 4.54, permite una violación de acceso de escritura en modo usuario a partir de FORMATS!GetPlugInInfo+0x000000007e6e • https://github.com/nhiephon/Research • CWE-787: Out-of-bounds Write •