First published: Sun Oct 22 2017(Updated: )
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000700b00260112 called from CADIMAGE+0x00000000003d35ad."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IrfanView | =4.50 | |
IrfanView | =12.0.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15747 is classified as a critical vulnerability due to its capability to allow arbitrary code execution.
To mitigate CVE-2017-15747, update IrfanView to version 4.51 or later and ensure the CADImage plugin is also updated.
CVE-2017-15747 can enable attackers to execute arbitrary code or cause a denial of service through a specially crafted .dwg file.
CVE-2017-15747 affects IrfanView version 4.50 and CADImage plugin version 12.0.0.5.
The potential impacts of CVE-2017-15747 include unauthorized access to system resources and application crashes.