cvelistv5 - cve-2025-7233

CVE-2025-7233 (GCVE-0-2025-7233)

Vulnerability from cvelistv5

Published

2025-07-21 19:55

Modified

2025-07-22 14:27

Severity ?

3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read

Summary

IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26072.

References

URL

	Vendor	Product	Version
	IrfanView	IrfanView	Version: 4.70.0.0

wid-sec-w-2025-1508

Vulnerability from csaf_certbund

Published

2025-07-08 22:00

Modified

2025-07-21 22:00

Summary

Irfan Skiljan IrfanView CADImage Plugin: Mehrere Schwachstellen ermöglichen Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IrfanView ist ein Bildbetrachter für Windows.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im CADImage Plugin von Irfan Skiljan IrfanView ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IrfanView ist ein Bildbetrachter f\u00fcr Windows.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im CADImage Plugin von Irfan Skiljan IrfanView ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1508 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1508.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1508 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1508"
      },
      {
        "category": "external",
        "summary": "IrfanView Plugins 4.72 vom 2025-07-08",
        "url": "https://www.irfanview.com/plugins.htm"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-495 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-495/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-496 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-496/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-497 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-497/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-498 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-498/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-499 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-499/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-500 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-500/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-501 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-501/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-502 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-502/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-503 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-503/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-504 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-504/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-505 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-505/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-506 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-506/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-507 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-507/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-508 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-508/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-509 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-509/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-510 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-510/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-511 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-511/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-512 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-512/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-513 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-513/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-514 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-514/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-515 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-515/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-516 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-516/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-517 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-517/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-518 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-518/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-519 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-519/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-520 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-520/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-521 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-521/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-522 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-522/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-523 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-523/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-524 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-524/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-525 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-525/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-526 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-526/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-527 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-527/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-528 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-528/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-529 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-529/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-530 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-530/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-531 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-531/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-532 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-532/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-533 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-533/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-534 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-534/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-535 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-535/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-536 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-536/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-537 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-537/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-538 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-538/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-539 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-539/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-540 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-540/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-541 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-541/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-542 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-542/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-543 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-543/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-544 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-544/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-545 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-545/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-546 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-546/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-547 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-547/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-548 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-548/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-549 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-549/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-550 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-550/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-551 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-551/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-552 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-552/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-553 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-553/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-554 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-554/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-555 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-555/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-556 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-556/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-557 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-557/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-558 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-558/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-559 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-559/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-560 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-560/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-561 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-561/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-562 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-562/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-563 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-563/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-564 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-564/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-565 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-565/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-566 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-566/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-567 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-567/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-568 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-568/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-569 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-569/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-570 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-570/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-571 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-571/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-572 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-572/"
      },
      {
        "category": "external",
        "summary": "Zero Day Initiative ZDI-25-573 vom 2025-07-08",
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-573/"
      }
    ],
    "source_lang": "en-US",
    "title": "Irfan Skiljan IrfanView CADImage Plugin: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-07-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-22T05:36:56.584+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1508",
      "initial_release_date": "2025-07-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Plugins \u003c4.72",
                "product": {
                  "name": "Irfan Skiljan IrfanView Plugins \u003c4.72",
                  "product_id": "T045267"
                }
              },
              {
                "category": "product_version",
                "name": "Plugins 4.72",
                "product": {
                  "name": "Irfan Skiljan IrfanView Plugins 4.72",
                  "product_id": "T045267-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:irfanview:irfanview:plugins__4.72"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "IrfanView"
          }
        ],
        "category": "vendor",
        "name": "Irfan Skiljan"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-7233",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7233"
    },
    {
      "cve": "CVE-2025-7234",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7234"
    },
    {
      "cve": "CVE-2025-7235",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7235"
    },
    {
      "cve": "CVE-2025-7236",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7236"
    },
    {
      "cve": "CVE-2025-7237",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7237"
    },
    {
      "cve": "CVE-2025-7238",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7238"
    },
    {
      "cve": "CVE-2025-7239",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7239"
    },
    {
      "cve": "CVE-2025-7240",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7240"
    },
    {
      "cve": "CVE-2025-7241",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7241"
    },
    {
      "cve": "CVE-2025-7242",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7242"
    },
    {
      "cve": "CVE-2025-7243",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7243"
    },
    {
      "cve": "CVE-2025-7244",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7244"
    },
    {
      "cve": "CVE-2025-7246",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7246"
    },
    {
      "cve": "CVE-2025-7247",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7247"
    },
    {
      "cve": "CVE-2025-7248",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7248"
    },
    {
      "cve": "CVE-2025-7249",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7249"
    },
    {
      "cve": "CVE-2025-7250",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7250"
    },
    {
      "cve": "CVE-2025-7251",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7251"
    },
    {
      "cve": "CVE-2025-7252",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7252"
    },
    {
      "cve": "CVE-2025-7253",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7253"
    },
    {
      "cve": "CVE-2025-7254",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7254"
    },
    {
      "cve": "CVE-2025-7255",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7255"
    },
    {
      "cve": "CVE-2025-7256",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7256"
    },
    {
      "cve": "CVE-2025-7257",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7257"
    },
    {
      "cve": "CVE-2025-7258",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7258"
    },
    {
      "cve": "CVE-2025-7260",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7260"
    },
    {
      "cve": "CVE-2025-7261",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7261"
    },
    {
      "cve": "CVE-2025-7262",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7262"
    },
    {
      "cve": "CVE-2025-7263",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7263"
    },
    {
      "cve": "CVE-2025-7264",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7264"
    },
    {
      "cve": "CVE-2025-7265",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7265"
    },
    {
      "cve": "CVE-2025-7266",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7266"
    },
    {
      "cve": "CVE-2025-7267",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7267"
    },
    {
      "cve": "CVE-2025-7268",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7268"
    },
    {
      "cve": "CVE-2025-7269",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7269"
    },
    {
      "cve": "CVE-2025-7270",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7270"
    },
    {
      "cve": "CVE-2025-7271",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7271"
    },
    {
      "cve": "CVE-2025-7272",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7272"
    },
    {
      "cve": "CVE-2025-7273",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7273"
    },
    {
      "cve": "CVE-2025-7274",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7274"
    },
    {
      "cve": "CVE-2025-7275",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7275"
    },
    {
      "cve": "CVE-2025-7276",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7276"
    },
    {
      "cve": "CVE-2025-7277",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7277"
    },
    {
      "cve": "CVE-2025-7278",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7278"
    },
    {
      "cve": "CVE-2025-7279",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7279"
    },
    {
      "cve": "CVE-2025-7280",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7280"
    },
    {
      "cve": "CVE-2025-7281",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7281"
    },
    {
      "cve": "CVE-2025-7282",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7282"
    },
    {
      "cve": "CVE-2025-7283",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7283"
    },
    {
      "cve": "CVE-2025-7284",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7284"
    },
    {
      "cve": "CVE-2025-7285",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7285"
    },
    {
      "cve": "CVE-2025-7286",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7286"
    },
    {
      "cve": "CVE-2025-7287",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7287"
    },
    {
      "cve": "CVE-2025-7288",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7288"
    },
    {
      "cve": "CVE-2025-7289",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7289"
    },
    {
      "cve": "CVE-2025-7290",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7290"
    },
    {
      "cve": "CVE-2025-7291",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7291"
    },
    {
      "cve": "CVE-2025-7292",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7292"
    },
    {
      "cve": "CVE-2025-7293",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7293"
    },
    {
      "cve": "CVE-2025-7294",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7294"
    },
    {
      "cve": "CVE-2025-7295",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7295"
    },
    {
      "cve": "CVE-2025-7296",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7296"
    },
    {
      "cve": "CVE-2025-7297",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7297"
    },
    {
      "cve": "CVE-2025-7298",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7298"
    },
    {
      "cve": "CVE-2025-7299",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7299"
    },
    {
      "cve": "CVE-2025-7300",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7300"
    },
    {
      "cve": "CVE-2025-7301",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7301"
    },
    {
      "cve": "CVE-2025-7302",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7302"
    },
    {
      "cve": "CVE-2025-7303",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7303"
    },
    {
      "cve": "CVE-2025-7304",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7304"
    },
    {
      "cve": "CVE-2025-7305",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7305"
    },
    {
      "cve": "CVE-2025-7306",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7306"
    },
    {
      "cve": "CVE-2025-7307",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7307"
    },
    {
      "cve": "CVE-2025-7308",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7308"
    },
    {
      "cve": "CVE-2025-7309",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7309"
    },
    {
      "cve": "CVE-2025-7310",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7310"
    },
    {
      "cve": "CVE-2025-7311",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7311"
    },
    {
      "cve": "CVE-2025-7312",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7312"
    },
    {
      "cve": "CVE-2025-7313",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7313"
    },
    {
      "cve": "CVE-2025-7314",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7314"
    },
    {
      "cve": "CVE-2025-7315",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7315"
    },
    {
      "cve": "CVE-2025-7316",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7316"
    },
    {
      "cve": "CVE-2025-7317",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7317"
    },
    {
      "cve": "CVE-2025-7318",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7318"
    },
    {
      "cve": "CVE-2025-7319",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7319"
    },
    {
      "cve": "CVE-2025-7320",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7320"
    },
    {
      "cve": "CVE-2025-7321",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7321"
    },
    {
      "cve": "CVE-2025-7322",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7322"
    },
    {
      "cve": "CVE-2025-7323",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7323"
    },
    {
      "cve": "CVE-2025-7324",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7324"
    },
    {
      "cve": "CVE-2025-7325",
      "product_status": {
        "known_affected": [
          "T045267"
        ]
      },
      "release_date": "2025-07-08T22:00:00.000+00:00",
      "title": "CVE-2025-7325"
    }
  ]
}

cnvd-2025-17062

Vulnerability from cnvd

Title

IrfanView CADImage Plugin信息泄露漏洞

Description

IrfanView CADImage Plugin是IrfanView公司的一个CAD插件。 IrfanView CADImage Plugin存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity

低

Patch Name

IrfanView CADImage Plugin信息泄露漏洞的补丁

Patch Description

IrfanView CADImage Plugin是IrfanView公司的一个CAD插件。 IrfanView CADImage Plugin存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.irfanview.com/

Reference

https://www.zerodayinitiative.com/advisories/ZDI-25-494/

Impacted products

Name
IrfanView CADImage Plugin 4.70

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-7233",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-7233"
    }
  },
  "description": "IrfanView CADImage Plugin\u662fIrfanView\u516c\u53f8\u7684\u4e00\u4e2aCAD\u63d2\u4ef6\u3002\n\nIrfanView CADImage Plugin\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.irfanview.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-17062",
  "openTime": "2025-07-29",
  "patchDescription": "IrfanView CADImage Plugin\u662fIrfanView\u516c\u53f8\u7684\u4e00\u4e2aCAD\u63d2\u4ef6\u3002\r\n\r\nIrfanView CADImage Plugin\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IrfanView CADImage Plugin\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IrfanView CADImage Plugin 4.70"
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-25-494/",
  "serverity": "\u4f4e",
  "submitTime": "2025-07-23",
  "title": "IrfanView CADImage Plugin\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

fkie_cve-2025-7233

Vulnerability from fkie_nvd

Published

2025-07-21 20:15

Modified

2025-07-25 13:38

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-25-494/	Third Party Advisory

Impacted products

Vendor	Product	Version
cadsofttools	cadimage	*
cadsofttools	cadimage	*
irfanview	irfanview	*
irfanview	irfanview	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cadsofttools:cadimage:*:*:*:*:*:irfanview:x64:*",
              "matchCriteriaId": "D04C3EC4-8E8B-4FF3-960C-1833F86B67A9",
              "versionEndExcluding": "15.0.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cadsofttools:cadimage:*:*:*:*:*:irfanview:x86:*",
              "matchCriteriaId": "CD3AF73F-CA47-460E-BE55-ACC42C4CB22B",
              "versionEndExcluding": "15.0.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "44AB69A5-F65B-4A4D-A12C-FFB6317C39F4",
              "versionEndExcluding": "4.72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:x86:*",
              "matchCriteriaId": "D8298F15-CC7C-4927-BD5E-4F9034D48CA1",
              "versionEndExcluding": "4.72",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26072."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos DWG del complemento IrfanView CADImage. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas del complemento IrfanView CADImage. Para explotar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica se encuentra en el an\u00e1lisis de archivos DWG. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del l\u00edmite del b\u00fafer asignado. Un atacante puede aprovechar esto, junto con otras vulnerabilidades, para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Anteriormente, se denomin\u00f3 ZDI-CAN-26072."
    }
  ],
  "id": "CVE-2025-7233",
  "lastModified": "2025-07-25T13:38:05.347",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-21T20:15:43.763",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-494/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

ghsa-h8vw-hvvh-qqj8

Vulnerability from github

Published

2025-07-21 21:31

Modified

2025-07-21 21:31

Severity ?

3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26072.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-7233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-21T20:15:43Z",
    "severity": "LOW"
  },
  "details": "IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26072.",
  "id": "GHSA-h8vw-hvvh-qqj8",
  "modified": "2025-07-21T21:31:38Z",
  "published": "2025-07-21T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7233"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-494"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-7233 (GCVE-0-2025-7233)

Vulnerability from cvelistv5

wid-sec-w-2025-1508

Vulnerability from csaf_certbund

cnvd-2025-17062

Vulnerability from cnvd

fkie_cve-2025-7233

Vulnerability from fkie_nvd

ghsa-h8vw-hvvh-qqj8

Vulnerability from github

Tags

Sightings

Nomenclature