CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9258 – IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9258
11 Oct 2024 — IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper initialization of a pointer prior to accessing it. • https://www.zerodayinitiative.com/advisories/ZDI-24-1370 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9259 – IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9259
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an alloca... • https://www.zerodayinitiative.com/advisories/ZDI-24-1372 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9260 – IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9260
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an alloca... • https://www.zerodayinitiative.com/advisories/ZDI-24-1373 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9261 – IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9261
11 Oct 2024 — IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-b... • https://www.zerodayinitiative.com/advisories/ZDI-24-1374 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9767 – IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9767
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocate... • https://www.zerodayinitiative.com/advisories/ZDI-24-1371 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44913
https://notcve.org/view.php?id=CVE-2024-44913
28 Aug 2024 — An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). • https://github.com/yuhano/irfanview_Poc • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44914
https://notcve.org/view.php?id=CVE-2024-44914
28 Aug 2024 — An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). • https://github.com/yuhano/irfanview_Poc • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44915
https://notcve.org/view.php?id=CVE-2024-44915
28 Aug 2024 — An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). • https://github.com/yuhano/irfanview_Poc • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6815 – IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6815
26 Jul 2024 — IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an alloca... • https://www.zerodayinitiative.com/advisories/ZDI-24-967 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6816 – IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6816
26 Jul 2024 — IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-bas... • https://www.zerodayinitiative.com/advisories/ZDI-24-968 • CWE-122: Heap-based Buffer Overflow •