CVE-2024-9767
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9767 is a remote code execution vulnerability affecting IrfanView, a popular image viewer software. The flaw stems from a lack of proper validation of user-supplied data during SID file parsing, which results in an out-of-bounds read. This issue allows attackers to execute arbitrary code on affected installations. User interaction, such as visiting a malicious webpage or opening a crafted file, is required for successful exploitation. The vulnerability, identified as ZDI-CAN-23277, can give attackers the ability to execute code in the context of the current process.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.