Announcement

Collapse
No announcement yet.

Software Vulnerability - CVE-2021-27362

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Software Vulnerability - CVE-2021-27362

    Support,

    I received a vulnerability report today from Acronis True Image 2021, Build 39216, that IrfanView 4.57 has a read access violation.

    The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.

    See: https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-27362

    Please advise if you are aware of this and if so, what action is required to address this issue please?

    Regards
    Patrick
    Tags: None
    #2
    Send a bug report to the author: Irfan Skiljan (Help menu, About IrfanView).
    He does not visit this user-to-user forum.
    Before you post ... Edit your profile • IrfanView 4.62 • Windows 10 Home 19045.2486

    Irfan PaintIrfan View HelpIrfanPaint HelpRiot.dllMore SkinsFastStone CaptureUploads

    Comment

      #3
      This bug was already fixed. You have to download the new version of the WPG plugin manually, see "PlugIns updated after the version 4.57".
      IrfanView PlugIns
      https://www.irfanview.com/plugins.htm
      My system: IrfanView 4.62 64bit, Windows 10 22H2, Intel Core i5-3570, 16GB RAM, NVidia GTX 1050Ti 4GB
      • Likes 1

      Comment

      Previous template Next
      Working...
      X