User-mode Access Violation in IrfanView WPG Plugin
CVE-2021-27224

7.5HIGH

Key Information:

Vendor: Irfanview
Status: WPg
Vendor: CVE Published:; 17 February 2021

🔔 Create Irfanview Vulnerability Alert

What is CVE-2021-27224?

The WPG plugin for IrfanView version 4.57 prior to 3.1.0.0 is susceptible to a user-mode write access violation. This vulnerability can potentially allow remote attackers to execute arbitrary code by exploiting the flaws in the plugin. It is vital for users to update the WPG plugin to mitigate the risks associated with this issue.

References

https://www.irfanview.com/plugins.htm

x_refsource_MISC

https://sec-consult.com/vulnerability-lab/advisory/multip...

x_refsource_MISC

http://packetstormsecurity.com/files/161449/IrfanView-4.5...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2021
Vulnerability Reserved
Feb 16, 2021

.