CVE-2021-27224
HIGHIrfanView WPG Plugin <3.1.0.0 - Code Execution via WPG File Parsing
Title source: manualDescription
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/161449/IrfanView-4.57-Denial-Of-Service-Code-Execution.html
Vendor Advisory x_refsource_misc
https://www.irfanview.com/plugins.htm
Scores
CVSS v3
7.5
EPSS
0.0626
EPSS Percentile
91.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
irfanview/wpg
< 3.1.0.0
Published
Feb 17, 2021
Tracked Since
Feb 18, 2026