← Back

CVE-2009-0197

nvd nist
Published: Apr 9, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.

Affected (4)

Products: Irfanview: Formats
Irfanview
1 product
Formats
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Irfanview
Formats
Up to 4.22
Formats
Version 4.00
Formats
Version 4.10
Formats
Version 4.20

Related CWEs

CWE-189
CWE-189

References (16)

Source: PSIRT-CNA@flexerasoftware.com
Vendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
Vendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
Patch
Source: PSIRT-CNA@flexerasoftware.com
Source: PSIRT-CNA@flexerasoftware.com
Source: PSIRT-CNA@flexerasoftware.com
Source: PSIRT-CNA@flexerasoftware.com
PatchVendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.