CVE-2017-14693

{"id": "CVE-2017-14693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-09-22T08:29:00.410", "references": [{"url": "http://www.irfanview.net/main_history.htm", "source": "cve@mitre.org"}, {"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.irfanview.net/main_history.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.\""}, {"lang": "es", "value": "La versi\u00f3n 4.44 - 32bit de IrfanView permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .djvu manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613\"."}], "lastModified": "2024-11-21T03:13:20.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:irfanview:irfanview:4.44:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "88778CE0-192D-42EA-8644-9BF65D383A7C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}