CVE-2024-11574
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 119
CWE ID 787
Summary
CVE-2024-11574 is a remote code execution vulnerability affecting IrfanView, caused by insufficient validation of user-supplied data during DXF file parsing. This issue allows attackers to corrupt memory and execute arbitrary code on affected systems. Exploitation requires users to visit malicious pages or open malicious files. The lack of proper data validation results in memory corruption, providing an attack vector for code execution in the context of the current process. (ZDI-CAN-24900)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- IrfanView