Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-26974
CVE-2023-26974:
IrfanView vulnerability analysis and mitigation
Overview
Irfanview v4.62 contains a vulnerability that allows a user-mode write access violation through a specially crafted JPEG 2000 file. The vulnerability specifically occurs at memory location JPEG2000+0x0000000000001bf0 (GitHub PoC).
Technical details
The vulnerability exists in the JPEG2000.dll (version 4.56.0.0) component located in the Plugins directory. The issue occurs due to a buffer overflow condition where the memory access exceeds allocated boundaries. During execution, the program performs a circular operation where the ESI register is repeatedly incremented by a fixed value from the stack, while attempting to write values using the 'mov byte ptr [esi],al' instruction. When ESI reaches 0xF007002, which exceeds the allocated buffer ending at 0x0F006FFF, an access violation occurs (GitHub PoC).
Impact
The vulnerability can lead to a Denial of Service (DoS) condition when exploited. When triggered, it causes an access violation fault that can crash the application (GitHub PoC).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management