CVE-2017-15750 in IrfanView

Summary

by MITRE

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009ae0."


Analysis

by VulDB Data Team • 05/06/2026

CVE-2017-15750 is a critical memory corruption issue in IrfanView 4.50 64-bit when used with the BabaCAD4Image plugin version 1.3. The flaw manifests as a read access violation reported against the plugin's ShowPlugInOptions symbol, at BabaCAD4Image!ShowPlugInOptions+0x0000000000009ae0 (offset 0x9ae0 from that symbol). The vulnerability stems from insufficient input validation and memory management in the plugin's handling of AutoCAD drawing files with the .dwg extension, which lets a crafted file trigger the fault.

The technical implementation of this vulnerability involves a classic buffer over-read condition where the BabaCAD4Image plugin fails to properly validate the structure and boundaries of incoming .dwg files. When IrfanView processes a specially crafted .dwg file through the plugin interface, the application attempts to read memory locations beyond the allocated buffer boundaries, resulting in a segmentation fault or access violation. This memory corruption pattern aligns with CWE-125: "Out-of-bounds Read" and represents a direct violation of memory safety principles. The vulnerability's exploitation potential extends beyond simple denial of service to include arbitrary code execution possibilities, as demonstrated by the specific memory access pattern described in the exploit details.

The operational impact of this vulnerability creates significant risks for end users and organizations relying on IrfanView for image processing tasks. Attackers can leverage this flaw to disrupt normal application functionality through denial of service attacks, preventing legitimate users from accessing image files or processing documents. More concerning is the potential for remote code execution, where an attacker could craft a malicious .dwg file that, when opened by an unsuspecting user, could execute arbitrary commands on the target system. This vulnerability particularly affects environments where users frequently open untrusted image files or where IrfanView is used in automated processing workflows. The attack surface is widened by the plugin architecture, which allows third-party components to introduce security risks into the main application framework.

Mitigation strategies for CVE-2017-15750 should focus on immediate patching and operational hardening measures. The most effective solution involves updating to the latest version of IrfanView and ensuring the BabaCAD4Image plugin is updated to a secure version that addresses the memory corruption issue. Organizations should implement strict file validation policies, particularly for .dwg files, and consider disabling the BabaCAD4Image plugin entirely if its functionality is not essential for business operations. Network-level controls such as file type filtering and sandboxing mechanisms can provide additional defense-in-depth layers. From an ATT&CK perspective, this vulnerability maps to T1203: "Exploitation for Client Execution" and T1059: "Command and Scripting Interpreter," as attackers could potentially leverage the vulnerability to establish persistent access through malicious file delivery. System administrators should also monitor for suspicious file access patterns and implement application whitelisting policies to prevent unauthorized plugin execution. The vulnerability demonstrates the importance of secure coding practices and proper input validation, particularly in plugin architectures where third-party components can introduce security risks that affect the entire application ecosystem.
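The file type filtering recommended above, as an added example that is not part of the original entry or of any vendor tooling: a Python check for a mail gateway or upload folder that blocks .dwg drawings by content as well as by extension. It assumes a policy of blocking DWG outright, relies on the 6-byte ASCII version tag (for example "AC1015") that DWG files begin with, and the names `classify`, `scan` and `SAMPLES` are hypothetical.

```python
import re
from pathlib import Path

# DWG drawings start with a 6-byte ASCII version tag such as "AC1015" or "AC1032".
DWG_MAGIC = re.compile(rb"AC\d{4}")
BLOCKED_EXTS = {".dwg"}  # assumption: policy keeps DWG away from the plugin entirely


def classify(filename: str, head: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one file, given its name and first bytes."""
    ext = Path(filename).suffix.lower()
    looks_dwg = DWG_MAGIC.match(head) is not None
    if looks_dwg and ext not in BLOCKED_EXTS:
        return "block", "DWG content hidden behind extension %r" % ext
    if looks_dwg:
        return "block", "DWG drawing (%s)" % head[:6].decode("ascii")
    if ext in BLOCKED_EXTS:
        # Named .dwg but no valid version tag: still routed to a DWG parser by name.
        return "block", ".dwg extension without a valid DWG version tag"
    return "allow", "not DWG"


def scan(directory: str) -> list[tuple[str, str, str]]:
    """Classify every regular file under directory and return the blocked ones."""
    hits = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                verdict, reason = classify(path.name, fh.read(6))
            if verdict == "block":
                hits.append((str(path), verdict, reason))
    return hits


# Constructed sample inputs (file name, first bytes); these are not real files.
SAMPLES = [
    ("plan.dwg", b"AC1027"),
    ("holiday.jpg", b"AC1015"),
    ("broken.dwg", b"\x00\x00\x00\x00\x00\x00"),
    ("empty.dwg", b""),
    ("photo.png", b"\x89PNG\r\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, *classify(name, head))
```

Checking both the extension and the header matters because a renamed drawing or a .dwg with a damaged header would pass a filter that tests only one of them.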

Reservation: 10/21/2017

Disclosure: 10/22/2017

Moderation: accepted

CPE: ready

EPSS: 0.00268

KEV: no

Activities: low
