A vulnerability has been found in IrfanView 4.44 on 32-bit (Image Processing Software) and classified as critical. Affected by this vulnerability is an unknown function of the component PDF Plugin. The manipulation as part of a PDF File leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

The bug was discovered 10/12/2017. The weakness was shared 10/11/2017 (Website). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2017-15244 since 10/11/2017. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 107783, 107782, 107781 and 107780 are related to this item.

Productinfo

Type

• Image Processing Software

Name

• IrfanView

Version

• 4.44

License

• free

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion