CVE-2024-11567

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125

Summary

CVE-2024-11567 is a remote code execution vulnerability affecting IrfanView. Malicious DXF files can trigger an out-of-bounds read, which allows attackers to execute arbitrary code on affected systems. This issue stems from insufficient validation of user-supplied data during DXF file parsing. User interaction, such as opening a malicious file or visiting a malicious webpage, is necessary for an attacker to exploit this vulnerability. Was previously identified as ZDI-CAN-24871.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share