Memory Corruption in IrfanView CADImage Plugin Leading to Remote Code Execution
CVE-2025-7270
What is CVE-2025-7270?
The IrfanView CADImage Plugin has a vulnerability in the way it handles the parsing of DWG files, leading to potential memory corruption. This flaw arises from insufficient validation of user-supplied data, allowing remote attackers to execute arbitrary code on affected systems. User interaction is necessary, as the victim must either visit a malicious web page or open a compromised file to trigger the exploit. When exploited, this vulnerability could allow attackers to execute code within the context of the application, posing serious risks to user data and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
IrfanView 4.70.0.0
References
CVSS V3.0
Timeline
Vulnerability published
Vulnerability Reserved
