CVE-2017-15741 in IrfanView

Summary

by MITRE

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Possible Stack Corruption starting at CADIMAGE+0x00000000003d2378."


Analysis

by VulDB Data Team • 05/08/2026

The vulnerability CVE-2017-15741 represents a critical stack corruption issue affecting IrfanView 4.50 64-bit when utilizing the CADImage plugin version 12.0.0.5. This flaw manifests through the processing of specially crafted .dwg files, which are computer-aided design format files commonly used in engineering and architectural applications. The vulnerability occurs within the CADIMAGE plugin component that extends IrfanView's functionality to handle CAD file formats, creating a potential attack vector that could be exploited by malicious actors.

The technical exploitation of this vulnerability stems from improper input validation and memory handling within the CADImage plugin's parsing routine. When IrfanView attempts to process a malformed .dwg file, the plugin's code executes a stack corruption sequence beginning at the specific memory offset CADIMAGE+0x00000000003d2378. This location represents a critical point in the plugin's execution flow where buffer overflow conditions can occur, leading to unpredictable behavior in the application's memory management. The stack corruption mechanism typically involves overwriting critical stack frames or return addresses, which can result in application crashes or potentially more severe consequences depending on the execution context.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as the unspecified other impacts could include arbitrary code execution or privilege escalation depending on the target system configuration. Attackers could leverage this vulnerability to cause IrfanView to crash repeatedly, effectively rendering the application unusable for legitimate users. In more severe cases, the stack corruption could potentially be manipulated to execute malicious code within the application's memory space, particularly if the target system lacks modern exploit mitigations such as stack canaries or address space layout randomization. The vulnerability affects the broader CAD ecosystem since many users rely on IrfanView for image viewing tasks that may encounter CAD files during normal operations.

Organizations should implement immediate mitigations including disabling the CADImage plugin for IrfanView installations until a patched version is available, as recommended by the vendor and security advisories. The vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and represents a classic example of how third-party plugins can introduce critical security flaws into otherwise stable applications. From an ATT&CK framework perspective, this vulnerability could be categorized under T1203, which covers "Exploitation for Client Execution," and potentially T1059, "Command and Scripting Interpreter," if exploitation leads to code execution. System administrators should also consider implementing network segmentation and file validation controls to prevent users from inadvertently opening malicious CAD files, while monitoring for unusual application behavior or crash patterns that might indicate exploitation attempts.
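The file validation control mentioned above can be sketched as a pre-delivery gate that identifies DWG content by its header instead of trusting the file name. This is an added example, not code from VulDB, MITRE or IrfanView; the verdict names and the hold policy are assumptions, and the check only recognizes DWG content so it can be kept away from hosts running the affected plugin. It does not detect whether a file is malformed.

```python
import re
import tempfile
from pathlib import Path

# DWG files begin with a six-byte ASCII version tag such as AC1015 or AC1032.
# Very old releases that used other tags are not covered by this pattern.
DWG_MAGIC = re.compile(rb"AC1\d{3}")
CAD_EXTENSIONS = {".dwg"}


def is_dwg(header: bytes) -> bool:
    """True when the first six bytes look like a DWG version tag."""
    return DWG_MAGIC.fullmatch(header[:6]) is not None


def triage(path: Path) -> str:
    """Classify one file (verdict names are assumptions for this example).

    hold          - DWG content, whatever the extension says
    hold-mismatch - named .dwg but no DWG header (malformed or mislabeled)
    pass          - not CAD content
    """
    with path.open("rb") as fh:
        header = fh.read(6)
    if is_dwg(header):
        return "hold"
    named_dwg = path.suffix.lower() in CAD_EXTENSIONS
    return "hold-mismatch" if named_dwg else "pass"


def scan(root: Path) -> dict:
    """Triage every regular file below root, keyed by relative path."""
    files = (p for p in sorted(root.rglob("*")) if p.is_file())
    return {str(p.relative_to(root)): triage(p) for p in files}


def demo() -> dict:
    """Run the gate over constructed sample files (not real drawings)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plan.dwg").write_bytes(b"AC1032" + b"\x00" * 32)
        (root / "photo.jpg").write_bytes(b"AC1015" + b"\x00" * 32)  # DWG header, wrong name
        (root / "broken.dwg").write_bytes(b"\xff\xd8\xff\xe0JFIF")  # .dwg name, no DWG header
        (root / "notes.txt").write_bytes(b"meeting notes")
        return scan(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:14} {name}")
```

Held files can then be routed only to systems where the CADImage plugin is disabled or not installed.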

Reservation

10/21/2017

Disclosure

10/22/2017

Moderation

accepted

CPE

ready

EPSS

0.00268

KEV

no

Activities

very low
