CVE-2017-15742 in IrfanView
Summary
by MITRE
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2026
The vulnerability identified as CVE-2017-15742 affects IrfanView version 4.50 64-bit when utilizing the CADImage plugin version 12.0.0.5, representing a critical security flaw that can be exploited to trigger denial of service conditions or potentially execute arbitrary code. This issue manifests through the processing of specially crafted .dwg files, which are computer-aided design files commonly used in engineering and architectural applications. The vulnerability stems from improper input validation and memory handling within the CADImage plugin's parsing routine for these specific file formats.
The technical root cause of this vulnerability lies in a read access violation that occurs at a specific memory address within the CADIMAGE module, namely at offset 0x00000000003d2328. This memory access violation represents a classic buffer over-read condition where the plugin attempts to access memory locations beyond the bounds of allocated memory regions while processing the malformed .dwg file. Such memory corruption issues typically arise from insufficient bounds checking during file parsing operations, allowing attackers to manipulate memory access patterns through crafted input data. The vulnerability falls under CWE-125, which describes "Out-of-bounds Read" conditions that occur when software reads data past the boundaries of a buffer, potentially leading to system instability or arbitrary code execution.
The operational impact of this vulnerability extends beyond simple denial of service, as it could potentially enable remote code execution or privilege escalation depending on the execution context. When an unsuspecting user opens a maliciously crafted .dwg file within IrfanView, the CADImage plugin triggers the memory access violation, causing the application to crash or potentially allowing attackers to inject and execute malicious code within the application's memory space. This makes the vulnerability particularly dangerous in environments where users might encounter untrusted .dwg files, such as in email attachments, file sharing systems, or web-based document repositories.
Organizations and users should implement immediate mitigations including disabling the CADImage plugin when processing untrusted files, updating to patched versions of IrfanView and the CADImage plugin, and implementing file type filtering mechanisms to prevent automatic execution of .dwg files. The ATT&CK framework categorizes this vulnerability under T1203, "Exploitation for Client Execution," as it involves leveraging software vulnerabilities to execute malicious code on target systems. Additionally, this vulnerability demonstrates the importance of input validation and memory safety practices, aligning with security guidelines that emphasize proper bounds checking and defensive programming techniques. Regular security assessments and penetration testing should include evaluation of third-party plugins and their interaction with core applications to identify similar memory corruption vulnerabilities that could be exploited in similar contexts.