Vulnerability Description
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted JPEG 2000 image can cause an integer overflow that leads to an incorrect memory allocation, resulting in arbitrary code execution. The vulnerability can be triggered by viewing the image in the application or by using the thumbnailing feature of IrfanView.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Irfanview | Irfanview | 4.44 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98046 (Third Party Advisory, VDB Entry)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310 (Third Party Advisory)
FAQ
What is CVE-2017-2813?
CVE-2017-2813 is a vulnerability with a CVSS score of 8.8 (HIGH). An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory a...
How severe is CVE-2017-2813?
CVE-2017-2813 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2813?
Check the references section above for vendor advisories and patch information. Affected products include: Irfanview Irfanview.