PT-2009-2877 · Irfanview · Irfanview

Published

2009-04-09

Updated

2018-10-11

CVE-2009-0197

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IrfanView versions prior to 4.23

Description The issue is related to an integer overflow in the FORMATS Plugin, which can be triggered by a large XPM file. This can lead to a heap-based buffer overflow, allowing remote attackers to execute arbitrary code or cause the application to crash.

Recommendations For versions prior to 4.23, update to version 4.23 or later to resolve the issue. As a temporary workaround, consider avoiding the use of large XPM files with the FORMATS Plugin until the update is applied.

Fix

RCE

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2009-0197

Affected Products

Irfanview

PT-2009-2877 · Irfanview · Irfanview

CVE-2009-0197

Weakness Enumeration

Related Identifiers

Affected Products

References · 10