CVE-2024-31007 - Vulnerability Details - OpenCVE

Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Irfanview	Irfanview

No data.

No data.

References

Link	Providers
https://github.com/kirito999/IrfanViewBug
https://mediaside.net/irfanview-italia/2024/04/12/4-67-data-di-rilascio-5-aprile-2024/
https://www.fosshub.com/IrfanView.html?dwl=iview466_plugins.zip
https://www.fosshub.com/IrfanView.html?dwl=iview466_setup.exe

History

Mon, 21 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Irfanview Irfanview irfanview
Weaknesses		CWE-120
CPEs		cpe:2.3:a:irfanview:irfanview::::::::
Vendors & Products		Irfanview Irfanview irfanview
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 19:45:00 +0000

Type	Values Removed	Values Added
Description		Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll.
References		https://github.com/kirito999/IrfanViewBug https://mediaside.net/irfanview-italia/2024/04/12/4-67-data-di-rilascio-5-aprile-2024/ https://www.fosshub.com/IrfanView.html?dwl=iview466_plugins.zip https://www.fosshub.com/IrfanView.html?dwl=iview466_setup.exe

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-21T00:00:00

Updated: 2024-10-21T20:35:12.948Z

Reserved: 2024-03-27T00:00:00

Link: CVE-2024-31007

Vulnrichment

Updated: 2024-10-21T20:35:07.424Z

NVD

Status : Awaiting Analysis

Published: 2024-10-21T20:15:14.400

Modified: 2024-10-23T15:12:34.673

Link: CVE-2024-31007

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31007", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-21T20:35:12.948Z", "dateReserved": "2024-03-27T00:00:00", "datePublished": "2024-10-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-21T19:30:54.714206"}, "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/kirito999/IrfanViewBug"}, {"url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_setup.exe"}, {"url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_plugins.zip"}, {"url": "https://mediaside.net/irfanview-italia/2024/04/12/4-67-data-di-rilascio-5-aprile-2024/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "affected": [{"vendor": "irfanview", "product": "irfanview", "cpes": ["cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.66_32bit", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-21T20:31:00.496515Z", "id": "CVE-2024-31007", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T20:35:12.948Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31007", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T20:31:00.496515Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:*:*"], "vendor": "irfanview", "product": "irfanview", "versions": [{"status": "affected", "version": "4.66_32bit"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T20:35:07.424Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/kirito999/IrfanViewBug"}, {"url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_setup.exe"}, {"url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_plugins.zip"}, {"url": "https://mediaside.net/irfanview-italia/2024/04/12/4-67-data-di-rilascio-5-aprile-2024/"}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-21T19:30:54.714206"}}}, "cveMetadata": {"cveId": "CVE-2024-31007", "state": "PUBLISHED", "dateUpdated": "2024-10-21T20:35:12.948Z", "dateReserved": "2024-03-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-10-21T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}