PT-2017-19243 · Irfanview · Irfanview+1
Published
2017-07-05
·
Updated
2017-07-11
·
CVE-2017-9880
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IrfanView version 4.44 (32bit) with FPX Plugin 4.46
Description
The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file. This is related to "Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007236."
Recommendations
For IrfanView version 4.44 (32bit) with FPX Plugin 4.46, consider disabling the FPX Plugin as a temporary workaround until a patch is available. Avoid using the FPX Plugin to open .fpx files until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fpx Plugin
Irfanview