CVE-2013-5351
IrfanView < 4.37 - Remote Code Execution via GIF LZW Code Stream
Title source: llmDescription
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64388
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89820
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89808
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54959
Vendor Advisory x_refsource_confirm
http://www.irfanview.com/main_history.htm
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2013-13/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101065
Scores
EPSS
0.0552
EPSS Percentile
90.3%
Details
CWE
CWE-119
Status
published
Products (50)
irfanview/irfanview
1.70
irfanview/irfanview
1.75
irfanview/irfanview
1.80
irfanview/irfanview
1.85
irfanview/irfanview
1.90
irfanview/irfanview
1.95
irfanview/irfanview
1.97
irfanview/irfanview
1.98
irfanview/irfanview
1.98a
irfanview/irfanview
1.99
... and 40 more
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026