CVE-2024-9261

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 787
CWE ID 121

Summary

CVE-2024-9261 is a stack-based buffer overflow vulnerability affecting IrfanView's SID file parsing functionality. This issue permits remote code execution, making it a significant security concern. The flaw arises due to insufficient validation of user-supplied data, leading to the copying of unchecked data to a stack-based buffer. An attacker can exploit this vulnerability by compelling the target to visit a malicious webpage or open a malicious file. Successful exploitation grants the attacker the ability to execute arbitrary code within the IrfanView process. (ZDI-CAN-23283)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share