CVE-2024-6821

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 787

Summary

CVE-2024-6821 is a remote code execution vulnerability affecting IrfanView, caused by an out-of-bounds write issue during CIN file parsing. The flaw arises due to insufficient validation of user-supplied data, allowing an attacker to write data past the end of an allocated buffer. This vulnerability can be exploited when users visit a malicious webpage or open a maliciously crafted file, leading to arbitrary code execution in the context of the current process. (Was ZDI-CAN-23260)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share