Filtered by vendor Irfanview
Subscribe
Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5233 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. | |||||
| CVE-2013-6932 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 7.6 HIGH | N/A |
| Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | |||||
| CVE-2010-1510 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. | |||||
| CVE-2012-0897 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||||
| CVE-2010-1509 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 5.0 MEDIUM | N/A |
| IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." | |||||
| CVE-2007-2363 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 8.5 HIGH | N/A |
| Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | |||||
| CVE-2007-1948 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 9.3 HIGH | N/A |
| Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp. | |||||
| CVE-2007-4343 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file. | |||||
| CVE-2007-1245 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 4.3 MEDIUM | N/A |
| IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file. | |||||
| CVE-2009-2118 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 6.8 MEDIUM | N/A |
| Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-1867 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. | |||||
| CVE-2008-0493 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 9.3 HIGH | N/A |
| fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0197 | 1 Irfanview | 1 Formats | 2026-04-23 | 9.3 HIGH | N/A |
| Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow. | |||||
| CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. | |||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | |||||
| CVE-2006-4231 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. | |||||
| CVE-2024-5874 | 1 Irfanview | 2 Formats, Irfanview | 2025-08-07 | N/A | 7.8 HIGH |
| IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNT files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23969. | |||||
| CVE-2024-5877 | 1 Irfanview | 2 Formats, Irfanview | 2025-08-07 | N/A | 7.8 HIGH |
| IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23974. | |||||
| CVE-2024-5876 | 1 Irfanview | 2 Formats, Irfanview | 2025-08-07 | N/A | 7.8 HIGH |
| IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23973. | |||||
| CVE-2024-5875 | 1 Irfanview | 2 Formats, Irfanview | 2025-08-07 | N/A | 7.8 HIGH |
| IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SHP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23972. | |||||