CVE-2024-11556
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 119
CWE ID 787
Summary
CVE-2024-11556 is a remote code execution vulnerability affecting IrfanView. The flaw stems from improper validation of user-supplied data during DXF file parsing, which results in memory corruption. Attackers can exploit it by crafting malicious DXF files or web pages. Successful exploitation requires user interaction: the target must open the malicious file or visit the malicious page. The flaw, also known as ZDI-CAN-24795, allows an attacker to execute arbitrary code in the context of the affected IrfanView installation.