Description
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.
References (3)
Core 3
Core References
Product x_refsource_misc
http://irfanview.com
Product, URL Repurposed x_refsource_misc
http://irfan.com
Release Notes, Vendor Advisory x_refsource_misc
https://www.irfanview.info/main_history.htm
Scores
CVSS v3
7.8
EPSS
0.0058
EPSS Percentile
69.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (1)
irfanview/irfanview
4.59
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026