2024-11-25
This article describes a critical vulnerability (CVE-2024-11523) in IrfanView that allows remote attackers to execute arbitrary code on a victim’s computer.
:
Platform: IrfanView
Version: All versions
Vulnerability: DXF file parsing memory corruption leading to remote code execution
Severity: Critical
Date: November 22nd, 2024
What Undercode Says:
This vulnerability is critical and allows attackers to take complete control of an affected system. Users of IrfanView should update to the latest version as soon as possible. There is no further information available on exploitability or a patch at this time.
Additional Notes:
User interaction is required to exploit this vulnerability (e.g., opening a malicious DXF file).
The vulnerability is caused by a lack of proper validation of user-supplied data.
This vulnerability was reported by Zero Day Initiative (ZDI-CAN-24597).
This vulnerability has not been officially analyzed by NVD yet.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help