CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27362

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile44.70th
PublishedFeb 17, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.

Affected Platforms (CPE)

πŸ“¦
Irfanview

Wpg

< 3.1.0.0

References & Advisories

πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
πŸ”— https://www.irfanview.com/plugins.htm
πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
πŸ”— https://www.irfanview.com/plugins.htm

Related Vulnerabilities

CVE-2016-79969.8

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecifi...

CVE-2008-34609.3

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the le...

CVE-2017-165458.8

The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows rem...

CVE-2017-165468.8

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, w...