PT-2020-17264 · Irfan Skiljan · Irfanview

Published

2020-12-16

Updated

2020-12-18

CVE-2020-35133

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions irfanView version 4.56

Description The issue is related to an error in processing parsing files of type .pcx, which leads to out-of-bounds writing at i view32+0xdb60.

Recommendations For irfanView version 4.56, consider avoiding the use of .pcx file parsing until a patch is available. As a temporary workaround, restrict the processing of .pcx files to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-35133

Affected Products

Irfanview

PT-2020-17264 · Irfan Skiljan · Irfanview

CVE-2020-35133

Weakness Enumeration

Related Identifiers

Affected Products

References · 6