CVE-2024-8025
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-8025 is a newly disclosed vulnerability affecting Nikon NEF Codec. This issue permits remote code execution, allowing attackers to exploit the flaw by creating malicious NRW files. The vulnerability arises due to insufficient validation of user-supplied data during NRW file parsing, leading to a heap-based buffer overflow. User interaction is necessary for an attack to be successful, as the target must either visit a malicious webpage or open the malicious file. This vulnerability, previously identified as ZDI-CAN-19873, can be exploited to execute arbitrary code within the context of the affected installation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.