CVE-2024-9259
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9259 is a remote code execution vulnerability affecting IrfanView. This issue arises from an out-of-bounds write in the SID file parsing process, where insufficient validation of user-supplied data occurs. An attacker can exploit this weakness by crafting a malicious file or luring a user to a malicious webpage. Successful exploitation grants the attacker the ability to execute arbitrary code within the IrfanView application. This vulnerability, originally discovered and reported as ZDI-CAN-23278, highlights the importance of proper input validation to prevent such attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.