CVE-2024-11554
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-11554 is a remote code execution vulnerability affecting IrfanView, a popular image viewer. The issue lies in the application's DWG file parsing functionality, which fails to properly validate user-supplied data. This flaw allows an attacker to write data beyond the allocated memory, resulting in code execution in the context of the affected process. Exploitation requires user interaction, typically by convincing the target to visit a malicious webpage or open a specially crafted file. The Zero Day Initiative (ZDI) assigned the identifier ZDI-CAN-24754 to this vulnerability prior to its public disclosure.