Vulnerability Description
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Irfanview | Wpg | < 3.1.0.0 |
| Irfanview | Irfanview | 4.57 |
Related Weaknesses (CWE)
References
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfaExploitThird Party Advisory
- https://www.irfanview.com/plugins.htmVendor Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfaExploitThird Party Advisory
- https://www.irfanview.com/plugins.htmVendor Advisory
FAQ
What is CVE-2021-27362?
CVE-2021-27362 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
How severe is CVE-2021-27362?
CVE-2021-27362 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27362?
Check the references section above for vendor advisories and patch information. Affected products include: Irfanview Wpg, Irfanview Irfanview.