Vulnerability Description
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000150."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Irfanview | Irfanview | 4.44 |
| Irfanview | Tools | <= 4.50 |
Related Weaknesses (CWE)
References
- http://www.irfanview.net/main_history.htmVendor Advisory
- https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9530Third Party Advisory
- http://www.irfanview.net/main_history.htmVendor Advisory
- https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9530Third Party Advisory
FAQ
What is CVE-2017-9530?
CVE-2017-9530 is a vulnerability with a CVSS score of 7.8 (HIGH). IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments ...
How severe is CVE-2017-9530?
CVE-2017-9530 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9530?
Check the references section above for vendor advisories and patch information. Affected products include: Irfanview Irfanview, Irfanview Tools.