Volerion logoVolerion
Volerion logoVolerion

IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing out-of-bounds read information disclosure has been identified in the IrfanView CADImage Plugin, specifically within the DWG file parsing process. This issue arises from inadequate validation of user-supplied data, leading to the potential for reading past the end of an allocated buffer. As a result, remote attackers could exploit this vulnerability to disclose sensitive information on affected systems. Notably, user interaction is required, as the target must open a malicious DWG file or visit a harmful webpage.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure. Additionally, according to the Zero Day Initiative, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code in the context of the current process.

Remediation

Users can upgrade to IrfanView CADImage Plugin version 4.72 to address this vulnerability.

Added: Jul 21, 2025, 11:23 PM
Updated: Jul 21, 2025, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread
2.4
impact
2.5
exploitability
4.4
remediation
7.7
relevance
0.3
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.