CVE-2020-23565 in Irfanview
Summary
by MITRE • 11/05/2021
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/08/2026
The vulnerability identified as CVE-2020-23565 represents a critical code execution flaw within IrfanView version 4.53, specifically affecting the handling of JPEG 2000 image files. This vulnerability stems from improper input validation and memory management during the processing of maliciously crafted JPEG 2000 files, creating a pathway for remote code execution attacks. The flaw manifests when the application attempts to parse and display corrupted or specially crafted JPEG 2000 files, leading to unpredictable behavior in the application's memory management and control flow.
The technical root cause of this vulnerability can be traced to a buffer overflow condition occurring within the JPEG2000ShowPlugInSaveOptions_W+0x00000000000032850 indicates a precise location within the application's memory space where the control flow becomes compromised, enabling arbitrary code execution.
The operational impact of this vulnerability extends beyond simple local privilege escalation, as it enables remote code execution attacks that can be delivered through maliciously crafted JPEG 2000 files. Attackers can exploit this vulnerability by embedding malicious code within JPEG 2000 files, which when opened by an unpatched IrfanView application, will execute arbitrary commands on the victim's system. This creates significant risk for users who frequently open images from untrusted sources or download images from web applications that may not properly validate file types. The vulnerability affects systems where IrfanView is installed and used to process image files, potentially allowing attackers to gain full system control, install malware, or access sensitive data. The exploitability of this vulnerability is enhanced by the fact that JPEG 2000 files are commonly used in various applications and web environments, making the attack surface particularly broad.
Mitigation strategies for CVE-2020-23565 should prioritize immediate patching of IrfanView installations to version 4.54 or later, which contains the necessary fixes for this vulnerability. System administrators should implement strict file type validation and sandboxing measures for image processing applications, particularly when handling files from untrusted sources. Network-level protections such as content filtering and email scanning should be enhanced to detect and block potentially malicious JPEG 2000 files. Organizations should also consider implementing application whitelisting policies that restrict execution of IrfanView or similar image viewers to trusted environments only. The vulnerability aligns with ATT&CK technique T1203 'Exploitation for Client Execution' and T1059 'Command and Scripting Interpreter' as attackers can leverage this vulnerability to execute arbitrary commands through the compromised image viewer application. Additionally, the flaw demonstrates characteristics of T1133 'External Remote Services' when attackers exploit it through web-based delivery mechanisms, making comprehensive network monitoring and endpoint detection crucial for preventing successful exploitation attempts.