CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-27362

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile44.70th
Published2021年2月17日
Last Modified2024年11月21日

Vulnerability Description

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.

Affected Platforms (CPE)

📦
Irfanview

Wpg

< 3.1.0.0

References & Advisories

🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
🔗 https://www.irfanview.com/plugins.htm
🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
🔗 https://www.irfanview.com/plugins.htm

相關漏洞威脅

CVE-2016-79969.8

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecifi...

CVE-2008-34609.3

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the le...

CVE-2017-165458.8

The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows rem...

CVE-2017-165468.8

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, w...