CVE-2024-11512

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 787

Summary

CVE-2024-11512 is a remote code execution vulnerability affecting IrfanView's WBZ Plugin, specifically when parsing WB1 files. The flaw arises due to inadequate validation of user-supplied data, leading to an out-of-bounds write condition. This issue enables attackers to execute arbitrary code on targeted systems, but user interaction, such as visiting a malicious webpage or opening a malicious file, is necessary for exploitation. The original discovery of this vulnerability was credited to ZDI as ZDI-CAN-22741.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share