Total
372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0278 | 1 Irfanview | 2 Flashpix Plugin, Irfanview | 2026-04-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. | |||||
| CVE-2012-3585 | 1 Irfanview | 2 Irfanview, Irfanview Plugins | 2026-04-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file. | |||||
| CVE-2012-5904 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. | |||||
| CVE-2013-5351 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file. | |||||
| CVE-2011-5233 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. | |||||
| CVE-2013-6932 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 7.6 HIGH | N/A |
| Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | |||||
| CVE-2010-1510 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. | |||||
| CVE-2012-0897 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||||
| CVE-2010-1509 | 1 Irfanview | 1 Irfanview | 2026-04-29 | 5.0 MEDIUM | N/A |
| IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." | |||||
| CVE-2007-2363 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 8.5 HIGH | N/A |
| Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | |||||
| CVE-2007-1948 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 9.3 HIGH | N/A |
| Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp. | |||||
| CVE-2007-4343 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file. | |||||
| CVE-2007-1245 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 4.3 MEDIUM | N/A |
| IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file. | |||||
| CVE-2009-2118 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 6.8 MEDIUM | N/A |
| Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-1867 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. | |||||
| CVE-2008-0493 | 1 Irfanview | 1 Irfanview | 2026-04-23 | 9.3 HIGH | N/A |
| fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. | |||||
| CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. | |||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | |||||
| CVE-2006-4231 | 1 Irfanview | 1 Irfanview | 2026-04-16 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. | |||||
| CVE-2024-5874 | 1 Irfanview | 2 Formats, Irfanview | 2025-08-07 | N/A | 7.8 HIGH |
| IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNT files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23969. | |||||