CVE-2017-15756 in IrfanView
Summary
by MITRE
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4."
Analysis
by VulDB Data Team • 05/06/2026
CVE-2017-15756 represents a critical buffer overflow vulnerability affecting IrfanView 4.50 64-bit when utilizing the BabaCAD4Image plugin version 1.3. This vulnerability stems from improper input validation within the plugin's handling of AutoCAD drawing files with the .dwg extension. The flaw occurs at the memory address BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4, where data from a faulting address directly controls subsequent write operations, creating a classic stack-based buffer overflow condition. The vulnerability manifests when the plugin processes malformed .dwg files that contain maliciously crafted data structures, allowing attackers to manipulate memory layout and execute arbitrary code with the privileges of the affected application. This issue aligns with CWE-121, Stack-based Buffer Overflow, and represents a significant concern for users who frequently process CAD files or work with AutoCAD documents.
The operational impact extends beyond simple code execution to include potential denial of service scenarios where the application crashes or becomes unresponsive. Attackers can exploit this vulnerability by crafting specially designed .dwg files that trigger the buffer overflow during the plugin's parsing routine, potentially leading to remote code execution in contexts where IrfanView is used to open untrusted files. The vulnerability also maps to ATT&CK technique T1059.007 for command and scripting interpreter, as successful exploitation could allow attackers to execute malicious commands through the compromised application.
The attack surface is particularly concerning for enterprise environments where IrfanView might be used to process documents from untrusted sources, and the 64-bit architecture of the affected version introduces additional complexity in memory management that could be leveraged for more sophisticated exploitation techniques.
Organizations should prioritize patching this vulnerability and implementing file validation controls to prevent unauthorized code execution through crafted CAD files. The vulnerability demonstrates the risks associated with plugin architectures in image viewers and highlights the importance of robust input validation even in specialized modules that handle specific file formats. Proper mitigation strategies include disabling the problematic plugin until a patched version is available, implementing network-based file filtering, and ensuring all users have updated to versions that address this specific buffer overflow condition.
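One way to implement the file validation control mentioned above, as an added example that is not part of the original entry or of any vendor tooling: a triage function for a mail or upload gateway that holds anything that is a DWG by name or by content before it reaches hosts with the affected plugin. The function name `triage`, the verdict strings and the sample inputs are assumptions made for illustration.

```python
import re

# DWG files open with a six-byte ASCII version tag such as AC1015 or AC1032.
DWG_MAGIC = re.compile(rb"AC10\d\d")


def triage(filename: str, head: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one inbound file; `head` is its first bytes.

    A well-formed version tag says nothing about the rest of the drawing, so
    anything that is a DWG by name or by content is held, never "validated".
    """
    # Windows drops trailing dots and spaces, so "plan.dwg." opens as "plan.dwg".
    name = filename.rstrip(". ").lower()
    ext_is_dwg = name.endswith(".dwg")
    magic_is_dwg = DWG_MAGIC.match(head[:6]) is not None
    if ext_is_dwg and magic_is_dwg:
        return "quarantine", "DWG drawing, version tag " + head[:6].decode("ascii")
    if ext_is_dwg:
        return "quarantine", ".dwg extension without a DWG version tag"
    if magic_is_dwg:
        return "quarantine", "DWG content under a different extension"
    return "pass", "not a DWG by extension or content"


# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("site-plan.dwg", b"AC1027\x00\x00\x00\x00"),
    ("site-plan.DWG. ", b"\x00\x00\x00\x00\x00\x00"),
    ("scan.png", b"AC1015\x00\x00\x00\x00"),
    ("scan.jpg", b"\xff\xd8\xff\xe0\x00\x10"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        verdict, reason = triage(fname, head)
        print(f"{verdict:<10} {fname!r}: {reason}")
```

The check is a routing decision only: it keeps CAD drawings away from the plugin until it is disabled or patched, and makes no claim about whether a given drawing is malformed.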