CVE-2017-8370

moderate-risk
Published 2017-07-05

IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721.

Do I need to act?

~
1.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (2)

Fpx

Affected Vendors

Irfanview

References (4)

Product http://www.irfanview.com/plugins.htm
Third Party Advisory https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8370
Product http://www.irfanview.com/plugins.htm
Third Party Advisory https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8370
35
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 4/34 · Minimal
Exposure 7/34 · Low