This exception may be expected and handled.
(32f0.c58): Access violation - code c0000005 (first chance)įirst chance exceptions are reported before any exception handling. The vulnerability is triggered in all the cases in the function above.Īlso, following excerpt shows the decompiled function which is the caller of above function: Out of Bound Write causing Denial of Serviceīelow is an excerpt of the decompiled function where the out-of-bound write occurs: Note: The vulnerabilities were discovered by fuzzing the WPG.DLL library. Access violation causing Denial of Service while attempting to read from unallocated/freed memory (CVE-2021-27362).Out of Bound Write causing Denial of Service (CVE-2021-27224).The following vulnerabilities were discovered: The vulnerabilities can be exploited by an attacker by making the user open a WPG file using IrfanView. These vulnerabilities can cause application denial of service as well as arbitrary code execution in the worst case scenario. IrfanView's WPG file parsing library suffers from multiple vulnerabilities. SEC Consult recommends upgrading to the latest available version which patches the security issues. The first graphic viewer worldwide with Multiple ICO support."
One of the first graphic viewers worldwide with Multipage TIF support.
"IrfanView was the first Windows graphic viewer worldwide with Multiple (animated) GIF support.