2024-11-25
:
This critical vulnerability (CVE-2024-11529) in IrfanView allows remote attackers to execute arbitrary code on affected systems. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted DWG file.
Vulnerability Details:
Platform: IrfanView
Version: All versions
Vulnerability: Out-of-bounds read during DWG file parsing leading to Remote Code Execution (RCE)
Severity: Critical (CVSS score: 7.8)
Date: November 22, 2024 (NVD published date)
What Undercode Says:
This vulnerability is critical and users should patch IrfanView immediately. Avoid opening untrusted DWG files.
Additional Notes:
IrfanView is a popular image viewer software.
The vulnerability is caused by a lack of proper validation of user-supplied data in DWG files.
Attackers can use this vulnerability to take complete control of the affected system.
This vulnerability was discovered and reported by the Zero Day Initiative (ZDI). There is no known patch available at this time. It is recommended that users update IrfanView as soon as a patch is released.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help