CVE-2017-15765 in IrfanView
Summary
by MITRE
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462."
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/08/2026
CVE-2017-15765 represents a critical vulnerability in IrfanView 64-bit versions when utilizing the CADImage plugin version 12.0.0.5, demonstrating a classic buffer overflow condition that can lead to remote code execution or denial of service. This vulnerability stems from improper input validation within the CADImage plugin's handling of AutoCAD Drawing (.dwg) files, specifically at memory address CADIMAGE+0x00000000003e9462 where faulting data is subsequently used as arguments in subsequent function calls. The flaw occurs when the plugin processes malformed .dwg files that contain crafted data structures, leading to memory corruption that can be exploited by malicious actors to execute arbitrary code on the target system or cause application instability.
The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and CWE-125, which covers out-of-bounds read vulnerabilities. The attack vector involves an attacker constructing a specially crafted .dwg file that, when opened by IrfanView with the vulnerable CADImage plugin, triggers a memory access violation. The faulting address mentioned in the vulnerability description indicates that the plugin's memory management routines fail to properly validate input data before using it in subsequent operations, creating an exploitable condition where attacker-controlled data flows directly into function parameters without proper bounds checking or sanitization.
From an operational perspective, this vulnerability poses significant risks to organizations relying on IrfanView for image processing tasks, particularly in environments where users may encounter untrusted .dwg files from external sources. The potential impact extends beyond simple denial of service to include complete system compromise, as the vulnerability allows for arbitrary code execution with the privileges of the user running IrfanView. Attackers could leverage this weakness in scenarios involving email attachments, file sharing platforms, or web-based file delivery systems where .dwg files might be encountered. The vulnerability's exploitation requires no special privileges beyond being able to execute the application and access the target file, making it particularly dangerous in enterprise environments where users may inadvertently open malicious files.
The remediation strategy for CVE-2017-15765 requires immediate patching of the CADImage plugin to version 12.0.0.6 or later, which includes proper input validation and memory management fixes. Organizations should also implement network segmentation and file validation policies to prevent untrusted .dwg files from reaching end-user systems. Additionally, security monitoring should be enhanced to detect suspicious file access patterns and potential exploitation attempts. According to ATT&CK framework, this vulnerability maps to T1203 (Exploitation for Client Execution) and T1059 (Command and Scripting Interpreter), as attackers could use the vulnerability to execute malicious code through compromised applications. System administrators should also consider implementing application whitelisting policies to restrict execution of potentially vulnerable plugins and regularly audit software versions to ensure all components are up to date with security patches.