CVE-2017-2813

An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.

Published: Jun 21, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2813
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
irfanview / irfanview	4.44	4.44.x

http://www.securityfocus.com/bid/98046
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310

Vulnerability Database

289,871

CVE-2017-2813