CVE-2024-9114

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 787

Summary

CVE-2024-9114 is a remote code execution vulnerability affecting FastStone Image Viewer. The flaw is in the parsing of GIF files: the software does not adequately validate user-supplied data, which results in an out-of-bounds write. An attacker can exploit it by crafting a malicious GIF file that causes the application to write data beyond the allocated buffer. Successful exploitation allows the attacker to execute arbitrary code on the affected system. User interaction is required: the target must visit a malicious page or open a malicious file. The Zero Day Initiative (ZDI) assigned the identifier ZDI-CAN-25145 to this vulnerability.

Affected Products

  • FastStone Image Viewer

Affected Vendors

  • FastStone