CVE-2024-9767

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125

Summary

CVE-2024-9767 is a remote code execution vulnerability affecting IrfanView, a popular image viewer software. The flaw stems from a lack of proper validation of user-supplied data during SID file parsing, which results in an out-of-bounds read. This issue allows attackers to execute arbitrary code on affected installations. User interaction, such as visiting a malicious webpage or opening a crafted file, is required for successful exploitation. The vulnerability, identified as ZDI-CAN-23277, can give attackers the ability to execute code in the context of the current process.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share