CVE-2024-11950

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 191

Summary

CVE-2024-11950 is a remote code execution vulnerability affecting XnSoft XnView Classic. The issue lies in the RWZ file parsing functionality, where insufficient validation of user-supplied data leads to an integer underflow. This vulnerability allows attackers to execute arbitrary code on affected systems, requiring the target to visit a malicious page or open a malicious file first. ZDI-CAN-22913 disclosed this vulnerability before it was made public.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share