CVE-2024-11507

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 843

Summary

CVE-2024-11507 is a type confusion vulnerability in IrfanView's DXF file parsing functionality. This issue allows remote code execution, requiring user interaction to exploit it. Attackers can trick users into visiting a malicious website or opening a specially crafted file. The vulnerability stems from insufficient validation of user-supplied data during DXF file processing, resulting in a type confusion condition. Exploitation permits an attacker to execute arbitrary code in the context of the affected IrfanView installation. (ZDI-CAN-22177)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share