LiveActive security incident?Get immediate response
CVE Record

CVE-2021-46064: IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of t...

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2021-46064 describes a buffer overflow in the 32-bit version of IrfanView 4.59. A user must open a malicious TIFF image for the issue to trigger. The available sources do not provide CVSS scoring, a confirmed fixed version, or evidence of active exploitation.

Executive priority

Handle through the standard vulnerability program, with faster action for teams that process untrusted image files. Business urgency is limited by incomplete severity data and no KEV listing, but user-opened malicious files remain a realistic exposure path.

Technical view

The CVE record states that IrfanView 4.59 32-bit contains a buffer overflow in a function at address 0x413c70, triggered when opening a malicious .tiff file. No CWE, impact details, exploit maturity, or vendor remediation detail is provided in the bundle.

Likely exposure

Exposure is most likely on workstations with 32-bit IrfanView 4.59 installed, especially where users open TIFF images from email, web downloads, archives, or external parties.

Exploitation context

The source bundle supports a local user-interaction scenario: opening a malicious TIFF file. It does not support claims of active exploitation, remote network exploitation, public exploit availability, or ransomware use.

Researcher notes

Evidence is sparse. The bundle names IrfanView 4.59 32-bit and malicious TIFF parsing, but omits CVSS, CWE, patch version, exploit status, and detailed impact. Do not infer code execution or affected later versions without vendor or CVE evidence.

Mitigation direction

  • Inventory IrfanView installations and identify 32-bit version 4.59.
  • Check IrfanView vendor guidance and release history for remediation direction.
  • Move affected users to a vendor-supported non-vulnerable version when confirmed.
  • Avoid opening TIFF files from untrusted or unexpected sources.
  • Remove IrfanView as the default TIFF handler where unnecessary.

Validation and detection

  • Confirm installed IrfanView version and whether it is 32-bit.
  • Review endpoint software inventory for IrfanView 4.59.
  • Check file associations for .tiff and .tif files.
  • Prioritize systems handling external image submissions or email attachments.
  • Review crash telemetry involving IrfanView and TIFF files.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-46064 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
2Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.