CVE-2007-1948
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2007
Last modified:
09/04/2025
Description
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:irfanview:irfanview:3.99:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
- http://osvdb.org/41554
- http://securityreason.com/securityalert/2558
- http://www.securityfocus.com/archive/1/464726/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1284
- http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
- http://osvdb.org/41554
- http://securityreason.com/securityalert/2558
- http://www.securityfocus.com/archive/1/464726/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1284