IrfanView DJVU File Parsing Vulnerability (Critical)

2024-11-25

This article describes a critical vulnerability (CVE-2024-11521) in IrfanView that allows remote attackers to execute malicious code on a victim’s computer.

:

Platform: IrfanView
Version: All versions
Vulnerability: DJVU File Parsing Use-After-Free Remote Code Execution
Severity: Critical
Date: November 22, 2024

What Undercode Says:

This vulnerability is severe and allows attackers to take control of your system if you open a malicious DJVU file. It’s crucial to update IrfanView to the latest version as soon as possible to address this vulnerability.

Additional Notes:

User interaction is required to exploit this vulnerability (e.g., opening a malicious file).
The vulnerability exists due to a lack of validation when processing DJVU files.

It is recommended to update IrfanView immediately to mitigate this risk.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top