IrfanView CVE-2024-9767 (Critical)

2024-11-26

This article describes CVE-2024-9767, a critical vulnerability in IrfanView that allows remote attackers to execute arbitrary code on a victim’s computer.

Here’s the summarized information:

Platform: IrfanView
Version: All versions (to be confirmed)
Vulnerability: Out-of-Bounds Read Remote Code Execution (RCE) in SID file parsing
Severity: Critical
Date: November 22nd, 2024 (reported)

What Undercode Says:

This vulnerability is currently under analysis, and complete details are not yet available. However, due to the nature of the flaw (RCE via user interaction), it’s classified as critical.

Recommendations:

Until a patch is available, exercise caution when opening SID files from untrusted sources.

Consider using alternative image viewers that

Monitor official IrfanView channels for updates regarding a patch.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top