CVE-2021-46064

{"id": "CVE-2021-46064", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-03-23T18:15:08.967", "references": [{"url": "http://irfan.com", "tags": ["Product", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://irfanview.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.irfanview.info/main_history.htm", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://irfan.com", "tags": ["Product", "URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://irfanview.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.irfanview.info/main_history.htm", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image."}, {"lang": "es", "value": "IrfanView versi\u00f3n 4.59, es vulnerable a un desbordamiento del b\u00fafer por medio de la funci\u00f3n en la direcci\u00f3n 0x413c70 (en la versi\u00f3n de 32 bits del binario). La vulnerabilidad es desencadenada cuando el usuario abre una imagen .tiff maliciosa"}], "lastModified": "2024-11-21T06:33:34.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:irfanview:irfanview:4.59:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "80A0203D-ACFC-42B5-8925-895BDFC5636B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}