CVE-2012-0897

medium

Published 2012-01-20 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.8

Description

Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-19519 local windows verified

Metasploit · 2012-07-01

IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit)

Source code queued for fetch — refresh in a moment.

Metasploit modules

exploit_windows/fileformat/irfanview_jpeg2000_bof rank 300

Irfanview JPEG2000 jp2 Stack Buffer Overflow

Source fetch failed: fetch_error — view the original via the link above.

Application impact

Vendor	Product	Versions
irfanview	irfanview	`{"endIncluding":"4.32"}`
irfanview	irfanview	`1.70`
irfanview	irfanview	`1.75`
irfanview	irfanview	`1.80`
irfanview	irfanview	`1.85`
irfanview	irfanview	`1.90`
irfanview	irfanview	`1.95`
irfanview	irfanview	`1.97`
irfanview	irfanview	`1.98`
irfanview	irfanview	`1.98a`
irfanview	irfanview	`1.99`
irfanview	irfanview	`2.00`
irfanview	irfanview	`2.05`
irfanview	irfanview	`2.07`
irfanview	irfanview	`2.10`
irfanview	irfanview	`2.12`
irfanview	irfanview	`2.15`
irfanview	irfanview	`2.17`
irfanview	irfanview	`2.18`
irfanview	irfanview	`2.20`
irfanview	irfanview	`2.22`
irfanview	irfanview	`2.25`
irfanview	irfanview	`2.27`
irfanview	irfanview	`2.30`
irfanview	irfanview	`2.32`
irfanview	irfanview	`2.35`
irfanview	irfanview	`2.37`
irfanview	irfanview	`2.40`
irfanview	irfanview	`2.50`
irfanview	irfanview	`2.52`
irfanview	irfanview	`2.55`
irfanview	irfanview	`2.60`
irfanview	irfanview	`2.62`
irfanview	irfanview	`2.63`
irfanview	irfanview	`2.65`
irfanview	irfanview	`2.66`
irfanview	irfanview	`2.68`
irfanview	irfanview	`2.80`
irfanview	irfanview	`2.82`
irfanview	irfanview	`2.83`
irfanview	irfanview	`2.85`
irfanview	irfanview	`2.90`
irfanview	irfanview	`2.92`
irfanview	irfanview	`2.95`
irfanview	irfanview	`2.97`
irfanview	irfanview	`2.98`
irfanview	irfanview	`3.00`
irfanview	irfanview	`3.0.7`
irfanview	irfanview	`3.02`
irfanview	irfanview	`3.05`
irfanview	irfanview	`3.07`
irfanview	irfanview	`3.10`
irfanview	irfanview	`3.12`
irfanview	irfanview	`3.15`
irfanview	irfanview	`3.17`
irfanview	irfanview	`3.20`
irfanview	irfanview	`3.21`
irfanview	irfanview	`3.25`
irfanview	irfanview	`3.30`
irfanview	irfanview	`3.33`
irfanview	irfanview	`3.35`
irfanview	irfanview	`3.36`
irfanview	irfanview	`3.50`
irfanview	irfanview	`3.51`
irfanview	irfanview	`3.60`
irfanview	irfanview	`3.61`
irfanview	irfanview	`3.70`
irfanview	irfanview	`3.75`
irfanview	irfanview	`3.80`
irfanview	irfanview	`3.85`
irfanview	irfanview	`3.90`
irfanview	irfanview	`3.91`
irfanview	irfanview	`3.92`
irfanview	irfanview	`3.95`
irfanview	irfanview	`3.97`
irfanview	irfanview	`3.98`
irfanview	irfanview	`3.99`
irfanview	irfanview	`4.00`
irfanview	irfanview	`4.10`
irfanview	irfanview	`4.20`
irfanview	irfanview	`4.22`
irfanview	irfanview	`4.23`
irfanview	irfanview	`4.25`
irfanview	irfanview	`4.27`
irfanview	irfanview	`4.28`
irfanview	irfanview	`4.30`

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.