Remote Code Execution Risk in IrfanView CADImage Plugin
CVE-2017-15744

7.8HIGH

Key Information:

Vendor: Irfanview
Status: Irfanview; Cadimage
Vendor: CVE Published:; 22 October 2017

What is CVE-2017-15744?

The CADImage plugin for IrfanView 4.50 - 64bit is susceptible to a vulnerability that allows attackers to potentially execute arbitrary code or trigger a denial of service. This exploit can be executed by enticing users to open a specially crafted .dwg file, which leads to a 'Read Access Violation on Control Flow.' The flaw is particularly concerning for users who utilize the CADImage plugin, as it compromises the integrity of the software and opens pathways for malicious attacks.

References

https://github.com/wlinzi/security_advisories/tree/master...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2017
Vulnerability Reserved
Oct 21, 2017

JSON

Irfanview

What is CVE-2017-15744?

References

CVSS V3.1

Timeline