2024-11-25
This article describes a critical vulnerability (CVE-2024-11521) in IrfanView that allows remote attackers to execute malicious code on a victim’s computer.
:
Platform: IrfanView
Version: All versions
Vulnerability: DJVU File Parsing Use-After-Free Remote Code Execution
Severity: Critical
Date: November 22, 2024
What Undercode Says:
This vulnerability is severe and allows attackers to take control of your system if you open a malicious DJVU file. It’s crucial to update IrfanView to the latest version as soon as possible to address this vulnerability.
Additional Notes:
User interaction is required to exploit this vulnerability (e.g., opening a malicious file).
The vulnerability exists due to a lack of validation when processing DJVU files.
It is recommended to update IrfanView immediately to mitigate this risk.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help