CVE-2024-6816
CVSS 3.0 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 122
Summary
CVE-2024-6816 is a remote code execution vulnerability affecting IrfanView, as detailed in ZDI-CAN-23214. This issue occurs during the parsing of PSP files, where the length of user-supplied data is not adequately validated before copying it to a heap-based buffer. Consequently, attackers can induce a heap-based buffer overflow and execute arbitrary code on affected installations. User interaction is necessary for exploitation, as the target must visit a malicious page or open a specially crafted file.