CVE-2024-11566
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125
Summary
CVE-2024-11566 is a remote code execution vulnerability affecting IrfanView, a popular image viewer. The flaw is in the DXF file parsing component and arises from insufficient validation of user-supplied data, which can lead to an out-of-bounds read and allow attackers to execute arbitrary code on vulnerable installations. Exploitation requires user interaction: the target must visit a malicious webpage or open a crafted DXF file. This vulnerability, identified as ZDI-CAN-24868, poses a significant risk to systems running IrfanView.