Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-23557
CVE-2020-23557:
IrfanView vulnerability analysis and mitigation
Overview
IrfanView 4.54 contains a user-mode write access violation vulnerability (CVE-2020-23557) in the FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d component when handling DCR files. The vulnerability was discovered by nhiephon from NCSC of Vietnam (IrfanView Plugin).
Technical details
The vulnerability occurs in the Plugin Formats.dll version 4.55.4 when reading DCR files, specifically at memory location FORMATS!ShowPlugInSaveOptions_W+0x755d: 10012eed 66891471 mov word ptr [ecx+esi*2],dx ds:002b:0b0a1000=????. This represents a user-mode write access violation that could lead to memory corruption (Research).
Impact
The vulnerability allows attackers to cause a user-mode write access violation, which could potentially lead to application crashes or memory corruption when processing specially crafted DCR files (NVD).
Mitigation and workarounds
The vendor has fixed this vulnerability in an updated version of the plugin. Users are advised to update to the latest version of IrfanView and its plugins. The fix is available through the official IrfanView plugins page (IrfanView Plugin).
Additional resources
Source: This report was generated using AI
Related IrfanView vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management