CVE-2020-23553: 
IrfanView vulnerability analysis and mitigation

IrfanView 4.54 contains a user-mode write access violation vulnerability starting at FORMATS!GetPlugInInfo+0x0000000000007d33. This vulnerability affects the 32-bit version of IrfanView and specifically impacts the Formats.dll plugin when reading DDS files (NVD, Research).

The vulnerability manifests as a user-mode write access violation in the FORMATS!GetPlugInInfo function at offset 0x7d33, specifically during the execution of the instruction 'rep movs dword ptr es:[edi], dword ptr [esi]' when processing DDS files. The CVSS v3.1 base score for this vulnerability is 7.8 HIGH, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can result in unauthorized write access violations, potentially leading to arbitrary code execution in the context of the current user. This could compromise the confidentiality, integrity, and availability of the affected system (NVD).

The vendor has fixed this vulnerability in an updated version of the Formats plugin. Users are advised to update to the latest version of IrfanView and its plugins. The fix is available through the official IrfanView plugin download page (Plugins).