| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a "User Mode Write AV near NULL" issue. |
| IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c998." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053." |
| IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4." |
| IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98." |
| IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6." |
| IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062." |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721. |
| IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462." |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. |
| IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." |
| Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. |
| Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. |
| Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. |
