Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-23560
CVE-2020-23560:
IrfanView vulnerability analysis and mitigation
Overview
IrfanView 4.54 contains a user-mode write access violation vulnerability (CVE-2020-23560) that occurs in the FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab component. The vulnerability was discovered in 2020 and affects the IrfanView 32-bit version 4.54 software (NVD, Research).
Technical details
The vulnerability manifests as a user-mode write access violation in the Formats.dll plugin version 4.55.4 when reading DCR files. Specifically, the issue occurs at memory location FORMATS!ShowPlugInSaveOptions_W+0x1bcab: 1002763b 6689047e mov word ptr [esi+edi*2],ax ds:002b:4642d000=???? (Research).
Impact
If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user when a specially crafted DCR file is opened in IrfanView (Research).
Mitigation and workarounds
The vendor has fixed this vulnerability in updated versions of the Formats plugin. Users should update to the latest version of IrfanView and its plugins as recommended on the official IrfanView plugins page (IrfanView).
Additional resources
Source: This report was generated using AI
Related IrfanView vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management