CVE-2024-11546

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 787

Summary

CVE-2024-11546 is an out-of-bounds write vulnerability in IrfanView's parsing of DXF files. It enables remote code execution but requires user interaction to exploit, typically by visiting a malicious webpage or opening a tainted file. The flaw stems from insufficient validation of user-supplied data, which results in writes beyond the boundaries of an allocated buffer. An attacker can then insert and execute malicious code within the IrfanView application. (ZDI-CAN-24714)
