Description
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
References
- Vendor Advisory
- Vendor Advisory
- Patch
- Patch, Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 4.22
One of
cpe:2.3:a:irfanview:formats:*:*:*:*:*:*:*:*
cpe:2.3:a:irfanview:formats:4.00:*:*:*:*:*:*:*
cpe:2.3:a:irfanview:formats:4.10:*:*:*:*:*:*:*
cpe:2.3:a:irfanview:formats:4.20:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.1084
Medium
9.3 Critical
CVSS2
Weaknesses
CWE-189
Related vulnerabilities
github
almost 4 years ago
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
EPSS
Percentile: 93%
0.1084
Medium
9.3 Critical
CVSS2
Weaknesses
CWE-189