CVE-2012-5904: Buffer Overflow
First published: Sat Nov 17 2012(Updated: )
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IrfanView | <=4.32 | |
| IrfanView | =1.70 | |
| IrfanView | =1.80 | |
| IrfanView | =1.85 | |
| IrfanView | =1.90 | |
| IrfanView | =1.95 | |
| IrfanView | =1.97 | |
| IrfanView | =1.98 | |
| IrfanView | =1.98a | |
| IrfanView | =1.99 | |
| IrfanView | =2.00 | |
| IrfanView | =2.05 | |
| IrfanView | =2.07 | |
| IrfanView | =2.10 | |
| IrfanView | =2.12 | |
| IrfanView | =2.15 | |
| IrfanView | =2.17 | |
| IrfanView | =2.18 | |
| IrfanView | =2.20 | |
| IrfanView | =2.22 | |
| IrfanView | =2.25 | |
| IrfanView | =2.27 | |
| IrfanView | =2.30 | |
| IrfanView | =2.32 | |
| IrfanView | =2.35 | |
| IrfanView | =2.37 | |
| IrfanView | =2.40 | |
| IrfanView | =2.50 | |
| IrfanView | =2.52 | |
| IrfanView | =2.55 | |
| IrfanView | =2.60 | |
| IrfanView | =2.63 | |
| IrfanView | =2.65 | |
| IrfanView | =2.66 | |
| IrfanView | =2.68 | |
| IrfanView | =2.80 | |
| IrfanView | =2.82 | |
| IrfanView | =2.83 | |
| IrfanView | =2.85 | |
| IrfanView | =2.90 | |
| IrfanView | =2.92 | |
| IrfanView | =2.95 | |
| IrfanView | =2.97 | |
| IrfanView | =2.98 | |
| IrfanView | =3.00 | |
| IrfanView | =3.02 | |
| IrfanView | =3.05 | |
| IrfanView | =3.07 | |
| IrfanView | =3.10 | |
| IrfanView | =3.12 | |
| IrfanView | =3.15 | |
| IrfanView | =3.17 | |
| IrfanView | =3.20 | |
| IrfanView | =3.21 | |
| IrfanView | =3.25 | |
| IrfanView | =3.30 | |
| IrfanView | =3.33 | |
| IrfanView | =3.35 | |
| IrfanView | =3.36 | |
| IrfanView | =3.50 | |
| IrfanView | =3.51 | |
| IrfanView | =3.60 | |
| IrfanView | =3.61 | |
| IrfanView | =3.70 | |
| IrfanView | =3.75 | |
| IrfanView | =3.80 | |
| IrfanView | =3.85 | |
| IrfanView | =3.90 | |
| IrfanView | =3.91 | |
| IrfanView | =3.92 | |
| IrfanView | =3.95 | |
| IrfanView | =3.97 | |
| IrfanView | =3.98 | |
| IrfanView | =3.99 | |
| IrfanView | =4.00 | |
| IrfanView | =4.10 | |
| IrfanView | =4.20 | |
| IrfanView | =4.23 | |
| IrfanView | =4.25 | |
| IrfanView | =4.27 | |
| IrfanView | =4.28 | |
| IrfanView | =4.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5904?
CVE-2012-5904 is classified as a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2012-5904?
To fix CVE-2012-5904, you should update IrfanView to version 4.33 or later.
What is CVE-2012-5904?
CVE-2012-5904 is a heap-based buffer overflow vulnerability in IrfanView that allows remote attackers to execute arbitrary code through crafted image files.
Which versions of IrfanView are affected by CVE-2012-5904?
IrfanView versions prior to 4.33, including versions 1.70 to 4.32, are affected by CVE-2012-5904.
What types of files can exploit CVE-2012-5904?
CVE-2012-5904 can be exploited using crafted bitmap files, specifically RLE compressed bitmap formats such as DIB, RLE, or BMP.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/weakness
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/irfanview
- canonical/irfanview
- version/irfanview/4.32
- version/irfanview/1.70
- version/irfanview/1.80
- version/irfanview/1.85
- version/irfanview/1.90
- version/irfanview/1.95
- version/irfanview/1.97
- version/irfanview/1.98
- version/irfanview/1.98a
- version/irfanview/1.99
- version/irfanview/2.00
- version/irfanview/2.05
- version/irfanview/2.07
- version/irfanview/2.10
- version/irfanview/2.12
- version/irfanview/2.15
- version/irfanview/2.17
- version/irfanview/2.18
- version/irfanview/2.20
- version/irfanview/2.22
- version/irfanview/2.25
- version/irfanview/2.27
- version/irfanview/2.30
- version/irfanview/2.32
- version/irfanview/2.35
- version/irfanview/2.37
- version/irfanview/2.40
- version/irfanview/2.50
- version/irfanview/2.52
- version/irfanview/2.55
- version/irfanview/2.60
- version/irfanview/2.63
- version/irfanview/2.65
- version/irfanview/2.66
- version/irfanview/2.68
- version/irfanview/2.80
- version/irfanview/2.82
- version/irfanview/2.83
- version/irfanview/2.85
- version/irfanview/2.90
- version/irfanview/2.92
- version/irfanview/2.95
- version/irfanview/2.97
- version/irfanview/2.98
- version/irfanview/3.00
- version/irfanview/3.02
- version/irfanview/3.05
- version/irfanview/3.07
- version/irfanview/3.10
- version/irfanview/3.12
- version/irfanview/3.15
- version/irfanview/3.17
- version/irfanview/3.20
- version/irfanview/3.21
- version/irfanview/3.25
- version/irfanview/3.30
- version/irfanview/3.33
- version/irfanview/3.35
- version/irfanview/3.36
- version/irfanview/3.50
- version/irfanview/3.51
- version/irfanview/3.60
- version/irfanview/3.61
- version/irfanview/3.70
- version/irfanview/3.75
- version/irfanview/3.80
- version/irfanview/3.85
- version/irfanview/3.90
- version/irfanview/3.91
- version/irfanview/3.92
- version/irfanview/3.95
- version/irfanview/3.97
- version/irfanview/3.98
- version/irfanview/3.99
- version/irfanview/4.00
- version/irfanview/4.10
- version/irfanview/4.20
- version/irfanview/4.23
- version/irfanview/4.25
- version/irfanview/4.27
- version/irfanview/4.28
- version/irfanview/4.30