CVE-2024-11509
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-11509 is a newly disclosed vulnerability affecting IrfanView, a popular image viewer software. This issue involves a heap-based buffer overflow in the SVG file parsing component. An attacker can exploit this remote code execution vulnerability by crafting a malicious SVG file or hosting a malicious webpage. The flaw arises from insufficient validation of user-supplied data length prior to copying it to a heap-buffer. Successful exploitation grants attackers the ability to execute arbitrary code in the context of the affected system. This vulnerability, originally identified as ZDI-CAN-22185, highlights the importance of keeping software up-to-date with the latest security patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.