IrfanView, Remote Code Execution, CVE-2024-11508 (Critical)

2024-11-29

:

This article describes a critical vulnerability (CVE-2024-11508) in IrfanView that allows remote attackers to execute malicious code on a victim’s computer. The vulnerability exists due to improper validation of user-supplied data in DXF files. An attacker can exploit this by tricking the victim into opening a specially crafted DXF file.

Vulnerability Details:

Platform: IrfanView
Version: All versions
Vulnerability: DXF File Parsing Type Confusion Remote Code Execution
Severity: Critical
Date: November 22, 2024 (published), November 29, 2024 (last modified)

What Undercode Says:

This vulnerability is critical and should be addressed immediately. Users of IrfanView should update to the latest version as soon as possible, which is expected to contain a fix for this issue. Additionally, users should be cautious about opening untrusted DXF files.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top