CVE-2024-11511

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 122

Summary

CVE-2024-11511 is a newly identified vulnerability affecting the IrfanView XCF Plugin. It permits remote code execution through a heap-based buffer overflow in the plugin's XCF file parsing functionality. An attacker can exploit this flaw by crafting a malicious XCF file or enticing the target to visit a malicious webpage. The root cause is inadequate validation of user-supplied data before it is copied to a heap-based buffer, which enables attackers to execute arbitrary code in the context of the affected process. (ZDI-CAN-22735)
