CVE-2021-27362

Опубликовано: 17 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.

Ссылки

https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
Exploit
Third Party Advisory
https://www.irfanview.com/plugins.htm
Vendor Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
Exploit
Third Party Advisory
https://www.irfanview.com/plugins.htm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:irfanview:wpg:*:*:*:*:*:*:*:*

Версия до 3.1.0.0 (исключая)

cpe:2.3:a:irfanview:irfanview:4.57:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04239

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-g5vm-h3jx-g8ph

github

больше 3 лет назад