CVE-2024-9259

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 787

Summary

CVE-2024-9259 is a remote code execution vulnerability affecting IrfanView. It stems from an out-of-bounds write in SID file parsing, caused by insufficient validation of user-supplied data. An attacker can exploit this weakness by crafting a malicious file or luring a user to a malicious webpage. Successful exploitation lets the attacker execute arbitrary code within the IrfanView application. The vulnerability was originally discovered and reported as ZDI-CAN-23278, and it highlights the importance of proper input validation to prevent such attacks.
