| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Irfan Skiljan IrfanView up to 4.35. This vulnerability affects unknown code of the component ANI File Handler. Executing a manipulation can lead to integer coercion. There is no exploit available. Upgrading the affected component is recommended.
Details
A vulnerability has been found in Irfan Skiljan IrfanView up to 4.35 (Image Processing Software) and classified as critical. This vulnerability affects an unknown code block of the component ANI File Handler. The manipulation with an unknown input leads to a integer coercion vulnerability. The CWE definition for the vulnerability is CWE-192. Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was shared 06/27/2013 with FuzzMyApp as not defined advisory (Website). The advisory is shared for download at fuzzmyapp.com. The vendor cooperated in the coordination of the public release. The exploitation appears to be difficult. Access to the local network is required for this attack. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
Upgrading to version 4.36 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at OSVDB (94907†) and Secunia (SA53976†). The entries VDB-3392, VDB-11518, VDB-12219 and VDB-48660 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
- 4.0
- 4.1
- 4.2
- 4.3
- 4.4
- 4.5
- 4.6
- 4.7
- 4.8
- 4.9
- 4.10
- 4.11
- 4.12
- 4.13
- 4.14
- 4.15
- 4.16
- 4.17
- 4.18
- 4.19
- 4.20
- 4.21
- 4.22
- 4.23
- 4.24
- 4.25
- 4.26
- 4.27
- 4.28
- 4.29
- 4.30
- 4.31
- 4.32
- 4.33
- 4.34
- 4.35
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.6
VulDB Temp Score: 7.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Integer coercionCWE: CWE-192 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: IrfanView 4.36
Timeline
06/27/2013 🔍06/27/2013 🔍
07/05/2013 🔍
07/10/2013 🔍
04/02/2019 🔍
Sources
Advisory: fuzzmyapp.comResearcher: http://www.fuzzmyapp.com/
Organization: FuzzMyApp
Status: Not defined
Confirmation: 🔍
Coordinated: 🔍
GCVE (VulDB): GCVE-100-9364
Secunia: 53976 - IrfanView ANI File Processing Integer Overflow Vulnerability, Highly Critical
OSVDB: 94907
See also: 🔍
Entry
Created: 07/10/2013 11:56Updated: 04/02/2019 15:55
Changes: 07/10/2013 11:56 (47), 04/02/2019 15:55 (6)
Complete: 🔍
Committer:
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.