CVE-2024-11569
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125
Summary
CVE-2024-11569 is a remote code execution vulnerability affecting IrfanView, specifically in its DXF file parsing feature. The flaw arises due to insufficient validation of user-supplied data, leading to an out-of-bounds read. This issue permits attackers to execute arbitrary code on targeted systems, requiring victims to visit a malicious webpage or open a malicious DXF file to exploit the vulnerability. ZDI-CAN-24873 identified this issue before its public disclosure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share