CVE-2024-11566

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125

Summary

CVE-2024-11566 is a remote code execution vulnerability affecting IrfanView, a popular image viewer. The flaw is in the DXF file parsing component and arises from insufficient validation of user-supplied data. This can lead to an out-of-bounds read, which attackers can use to execute arbitrary code on vulnerable installations. Exploitation requires the user to visit a malicious webpage or open a crafted DXF file. This vulnerability, identified as ZDI-CAN-24868, poses a significant risk to systems running IrfanView.
