CVE-2021-46064: IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of t...
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.
Security readout for executives and security teams
Plain-English summary
CVE-2021-46064 describes a buffer overflow in the 32-bit version of IrfanView 4.59. A user must open a malicious TIFF image for the issue to trigger. The available sources do not provide CVSS scoring, a confirmed fixed version, or evidence of active exploitation.
Executive priority
Handle through the standard vulnerability program, with faster action for teams that process untrusted image files. Business urgency is limited by incomplete severity data and no KEV listing, but user-opened malicious files remain a realistic exposure path.
Technical view
The CVE record states that IrfanView 4.59 32-bit contains a buffer overflow in a function at address 0x413c70, triggered when opening a malicious .tiff file. No CWE, impact details, exploit maturity, or vendor remediation detail is provided in the bundle.
Likely exposure
Exposure is most likely on workstations with 32-bit IrfanView 4.59 installed, especially where users open TIFF images from email, web downloads, archives, or external parties.
Exploitation context
The source bundle supports a local user-interaction scenario: opening a malicious TIFF file. It does not support claims of active exploitation, remote network exploitation, public exploit availability, or ransomware use.
Researcher notes
Evidence is sparse. The bundle names IrfanView 4.59 32-bit and malicious TIFF parsing, but omits CVSS, CWE, patch version, exploit status, and detailed impact. Do not infer code execution or affected later versions without vendor or CVE evidence.
Mitigation direction
Inventory IrfanView installations and identify 32-bit version 4.59.
Check IrfanView vendor guidance and release history for remediation direction.
Move affected users to a vendor-supported non-vulnerable version when confirmed.
Avoid opening TIFF files from untrusted or unexpected sources.
Remove IrfanView as the default TIFF handler where unnecessary.
Validation and detection
Confirm installed IrfanView version and whether it is 32-bit.
Review endpoint software inventory for IrfanView 4.59.
Check file associations for .tiff and .tif files.
Prioritize systems handling external image submissions or email attachments.
Review crash telemetry involving IrfanView and TIFF files.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-46064 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
2Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Mar 23, 2022, 17:05 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.