CVE-2020-23546

Name of the Vulnerable Software and Affected Versions IrfanView version 4.54

Description The issue allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file. This is related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call" starting at FORMATS!ReadMosaic+0x0000000000000981.

Recommendations For IrfanView version 4.54, consider avoiding the use of crafted XBM files until a patch is available. As a temporary workaround, restrict the use of the FORMATS!ReadMosaic function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.