CVE-2025-7282

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-7282
Type cve
Published 2025-07-21T20:15:50
Last Seen 2025-07-21T20:24:25
Modified 2025-07-21T20:15:50

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Additional Information

CVE List CVE-2025-7282
CWE List CWE-119
Bulletin Family cve

Description

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26216.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.