IrfanView DC-2024-11524: Critical DXF File Parsing Vulnerability

2024-11-25

This article details a critical vulnerability (CVE-2024-11524) in IrfanView that allows remote attackers to execute arbitrary code on affected systems.

Vulnerability :

Platform: IrfanView
Version: All versions
Vulnerability: DXF File Parsing Memory Corruption Remote Code Execution
Severity: Critical (CVSS: 7.8)
Date: November 22, 2024

This vulnerability arises from improper validation of user-supplied data within DXF files. By opening a specially crafted DXF file, an attacker can potentially take control of the affected system.

What Undercode Says:

IrfanView users are strongly advised to update to a patched version as soon as possible.
Until a patch is available, exercise caution when opening DXF files from untrusted sources.
Consider using a dedicated DXF viewer for enhanced security.

Additional Notes:

This vulnerability was identified by the Zero Day Initiative (ZDI).
A CVSS score of 7.8 indicates a high severity vulnerability.

Disclaimer: This information is for educational purposes only. It is recommended to consult security professionals for further guidance.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top