Heap-Based Out-of-Bounds Write in IrfanView B3D PlugIns
CVE-2020-13880

9.8CRITICAL

Key Information:

Vendor: IrfanView
Status: B3d
Vendor: CVE Published:; 5 January 2024

What is CVE-2020-13880?

The vulnerability in IrfanView B3D PlugIns before version 4.56 involves a heap-based out-of-bounds write due to improper handling of certain input data in the B3d.dll module. Attackers can exploit this vulnerability to execute arbitrary code or cause application crashes, leading to a compromised system. Users are advised to upgrade to the latest version to mitigate associated risks and protect their systems from potential attacks.

References

https://gist.github.com/oicu0619/2de8f91ddc6b06b516475d5d...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Jun 6, 2020

JSON