CVE-2017-15757 in IrfanView
Summary
by MITRE
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029ba."
Analysis
by VulDB Data Team • 05/06/2026
The vulnerability identified as CVE-2017-15757 affects IrfanView version 4.50 64-bit when utilizing the BabaCAD4Image plugin version 1.3, representing a critical security flaw that can be exploited through maliciously crafted .dwg files. This vulnerability falls under the category of memory corruption issues that can lead to denial of service conditions or potentially more severe impacts. The flaw manifests specifically within the plugin's handling of data from a faulting address that controls branch selection, occurring at the offset 0x00000000000029ba within the ShowPlugInOptions function of the BabaCAD4Image module.
The technical nature of this vulnerability stems from improper input validation and memory management within the plugin's code execution flow. When IrfanView processes a specially crafted .dwg file through the BabaCAD4Image plugin, the application fails to properly validate or sanitize the incoming data structure, leading to unpredictable behavior in the program's execution path. This type of vulnerability is classified as a control flow corruption issue, where attacker-controlled data influences the decision-making logic of the program, potentially causing it to jump to unintended execution paths or execute arbitrary code. The vulnerability specifically impacts the branch selection mechanism, which is a fundamental aspect of program execution flow that can be manipulated through carefully crafted input data.
From an operational perspective, this vulnerability presents significant risks to users who rely on IrfanView for image processing tasks, particularly in environments where untrusted files might be encountered. The denial of service impact means that legitimate users could be prevented from accessing their image files or performing normal operations within the application. Additionally, the unspecified other impacts suggest potential for more serious consequences including arbitrary code execution or privilege escalation, depending on the execution context and system configuration. The vulnerability's exploitation requires minimal user interaction, as simply opening or processing a malicious .dwg file can trigger the flaw, making it particularly dangerous in automated or unattended systems.
The attack surface for this vulnerability is primarily limited to systems running the specific combination of IrfanView 4.50 64-bit with the BabaCAD4Image plugin version 1.3, but this configuration is common enough to pose widespread risk. Security practitioners should note that this vulnerability aligns with CWE-122, which describes heap-based buffer overflow conditions, and potentially CWE-125, which covers out-of-bounds read conditions that can lead to control flow manipulation. The ATT&CK framework categorizes this type of vulnerability under T1203, which involves legitimate program execution, where adversaries leverage application flaws to execute malicious code. Organizations should consider implementing network segmentation and file validation policies to prevent exploitation, while also ensuring that all software components are kept up to date with the latest security patches from vendors.
Mitigation strategies for this vulnerability should prioritize immediate patching of the affected software versions, as the vendor has likely released updates to address the memory corruption issues within the plugin. System administrators should implement strict file type validation and scanning procedures for .dwg files, particularly when these files are received from external sources or processed in automated environments. The principle of least privilege should be enforced when running IrfanView, limiting the potential impact of successful exploitation. Additionally, monitoring for unusual application behavior or denial of service conditions may help detect exploitation attempts, though the vulnerability's nature makes detection challenging due to its potential for causing system instability rather than clear malicious activity patterns.
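The crash monitoring suggested above can be made concrete by triaging the message text of Windows Application Error (Event ID 1000) records for IrfanView faults inside the plugin. This is an added example, not VulDB's or the vendor's code; the file names `i_view64.exe` and `BabaCAD4Image.dll`, the version strings and the sample records are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Assumed file names for IrfanView 64-bit and the BabaCAD4Image plugin DLL.
TARGET_APP = "i_view64.exe"
TARGET_MODULE = "babacad4image.dll"

class Crash(NamedTuple):
    app: str
    module: str
    module_version: str
    exception_code: int
    fault_offset: int

def _field(message: str, label: str) -> Optional[str]:
    m = re.search(rf"^{re.escape(label)}:\s*(.+?)\s*$", message, re.MULTILINE)
    return m.group(1) if m else None

def parse_crash(message: str) -> Optional[Crash]:
    """Parse the message text of one Application Error (Event ID 1000) record."""
    app = _field(message, "Faulting application name")
    mod = _field(message, "Faulting module name")
    code = _field(message, "Exception code")
    off = _field(message, "Fault offset")
    if not (app and mod and code and off):
        return None  # truncated or unrelated record
    ver = re.search(r"version:\s*([\d.]+)", mod)
    try:
        return Crash(app.split(",")[0].strip(), mod.split(",")[0].strip(),
                     ver.group(1) if ver else "unknown", int(code, 16), int(off, 16))
    except ValueError:
        return None  # non-hex exception code or offset

def plugin_crashes(messages: List[str]) -> List[Crash]:
    """Return IrfanView crashes whose faulting module is the CAD plugin."""
    parsed = (parse_crash(m) for m in messages)
    return [c for c in parsed if c and c.app.lower() == TARGET_APP
            and c.module.lower() == TARGET_MODULE]

# Constructed sample records (not real telemetry; versions and offsets made up).
SAMPLE_EVENTS = [
    "Faulting application name: i_view64.exe, version: 4.5.0.0, time stamp: 0x0\n"
    "Faulting module name: BabaCAD4Image.dll, version: 1.3.0.0, time stamp: 0x0\n"
    "Exception code: 0xc0000005\nFault offset: 0x0000000000001000\n",
    "Faulting application name: i_view64.exe, version: 4.5.0.0, time stamp: 0x0\n"
    "Faulting module name: ntdll.dll, version: 10.0.0.0, time stamp: 0x0\n"
    "Exception code: 0xc0000374\nFault offset: 0x0000000000002000\n",
    "Faulting application name: i_view64.exe, version: 4.5.0.0",  # truncated
]
```

The offset in the advisory is relative to the `ShowPlugInOptions` symbol, while the event log's fault offset is relative to the module base, so the example matches on the faulting module name rather than on the offset.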