CVE-2024-9114
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9114 is a remote code execution vulnerability affecting FastStone Image Viewer. The software fails to adequately validate user-supplied data while parsing GIF files, resulting in an out-of-bounds write. An attacker can exploit this flaw with a crafted GIF file that causes the application to write data beyond the allocated buffer. Successful exploitation allows the attacker to execute arbitrary code on the affected system. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The Zero Day Initiative (ZDI) assigned the identifier ZDI-CAN-25145 to this vulnerability.
Affected Products
- FastStone Image Viewer
Affected Vendors
- FastStone