IrfanView CGM File Parsing Vulnerability (DC-2024-11526) – Critical

2024-11-25

:

A critical vulnerability (CVE-2024-11526) exists in IrfanView that allows remote attackers to execute arbitrary code on affected systems. This vulnerability arises from the software’s improper handling of CGM files. An attacker can exploit this by tricking a user into opening a specially crafted CGM file.

Vulnerability Details:

Platform: IrfanView
Version: All versions (unaffected versions not yet disclosed)
Vulnerability: Out-of-Bounds Read Remote Code Execution (RCE)
Severity: Critical
Date: November 22, 2024 (Discovered), November 25, 2024 (Last Updated – NVD)

What Undercode Says:

This vulnerability is critical and allows attackers to take full control of affected systems. Users of IrfanView should update to the latest version as soon as possible once a patch is released. Until then, avoid opening untrusted CGM files.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top