CVE-2024-11509

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 787
CWE ID 122

Summary

CVE-2024-11509 is a newly disclosed vulnerability affecting IrfanView, a popular image viewer software. This issue involves a heap-based buffer overflow in the SVG file parsing component. An attacker can exploit this remote code execution vulnerability by crafting a malicious SVG file or hosting a malicious webpage. The flaw arises from insufficient validation of user-supplied data length prior to copying it to a heap-buffer. Successful exploitation grants attackers the ability to execute arbitrary code in the context of the affected system. This vulnerability, originally identified as ZDI-CAN-22185, highlights the importance of keeping software up-to-date with the latest security patches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share