CVE-2010-1509
IrfanView < 4.25 - Heap-Based Buffer Overflow via Crafted PSD Image
Title source: llmDescription
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."
References (8)
Core 8
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-41
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511274/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39036
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/64627
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40104
Various Sources x_refsource_confirm
http://irfanview.com/main_history.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58548
Scores
EPSS
0.0368
EPSS Percentile
88.1%
Details
CWE
CWE-119
Status
published
Products (50)
irfanview/irfanview
1.70
irfanview/irfanview
1.75
irfanview/irfanview
1.80
irfanview/irfanview
1.85
irfanview/irfanview
1.90
irfanview/irfanview
1.95
irfanview/irfanview
1.97
irfanview/irfanview
1.98
irfanview/irfanview
1.98a
irfanview/irfanview
1.99
... and 40 more
Published
May 14, 2010
Tracked Since
Feb 18, 2026