CVE-2024-11552

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 119
CWE ID 787

Summary

CVE-2024-11552 is a remote code execution vulnerability affecting IrfanView, caused by inadequate validation of user-supplied data during DXF file parsing. This issue permits attackers to corrupt memory and execute arbitrary code when users open a maliciously crafted file or visit a malicious webpage. The flaw was identified as ZDI-CAN-24751 and could lead to significant security risks if not addressed promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share