CVE-2024-11561

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125

Summary

CVE-2024-11561 is an out-of-bounds read remote code execution vulnerability affecting IrfanView. This issue permits attackers to execute arbitrary code on susceptible installations by exploiting the software's inability to validate user-supplied data during DXF file parsing. The flaw arises from reading beyond the allocated buffer, allowing an attacker to inject and execute malicious code. User interaction, such as visiting a malicious webpage or opening a tainted file, is necessary to exploit the vulnerability. This issue was identified as ZDI-CAN-24857.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share