Arbitrary Code Execution Vulnerability in IrfanView with FPX Plugin
CVE-2017-9876
7.8HIGH
What is CVE-2017-9876?
IrfanView version 4.44 (32bit), when used with FPX Plugin 4.46, contains a vulnerability that can be exploited by attackers to execute arbitrary code. This security flaw is triggered by processing specially crafted .fpx files, leading to potential denial of service or code execution. The issue arises from improper handling of data, specifically at the FPX_GetScanDevicePropertyGroup function, resulting in controlled code flow. Users are urged to apply available patches and avoid opening suspicious .fpx files to mitigate risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved