2024-11-25
This article details a critical vulnerability (CVE-2024-11524) in IrfanView that allows remote attackers to execute arbitrary code on affected systems.
Vulnerability :
Platform: IrfanView
Version: All versions
Vulnerability: DXF File Parsing Memory Corruption Remote Code Execution
Severity: Critical (CVSS: 7.8)
Date: November 22, 2024
This vulnerability arises from improper validation of user-supplied data within DXF files. By opening a specially crafted DXF file, an attacker can potentially take control of the affected system.
What Undercode Says:
IrfanView users are strongly advised to update to a patched version as soon as possible.
Until a patch is available, exercise caution when opening DXF files from untrusted sources.
Consider using a dedicated DXF viewer for enhanced security.
Additional Notes:
This vulnerability was identified by the Zero Day Initiative (ZDI).
A CVSS score of 7.8 indicates a high severity vulnerability.
Disclaimer: This information is for educational purposes only. It is recommended to consult security professionals for further guidance.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help