CVE-2017-10730

HIGH

IrfanView 4.44 - Remote Code Execution via Crafted RLE File

Title source: llm
STIX 2.1

Description

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96."

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.irfanview.com/plugins.htm

Scores

CVSS v3 7.8
EPSS 0.0043
EPSS Percentile 62.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
irfanview/irfanview 4.44
Published Jul 05, 2017
Tracked Since Feb 18, 2026