IrfanView, Remote Code Execution (RCE), CVE-2024-11506 (Critical)

2024-11-29


A critical vulnerability (CVE-2024-11506) in IrfanView allows remote attackers to execute malicious code on affected systems. The flaw arises from improper validation of user-supplied data during DWG file parsing, which can lead to a read before the start of an allocated buffer. Attackers can exploit this to run arbitrary code within the application’s context. Exploitation requires user interaction: the target must open a malicious DWG file or visit a website containing one.
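A minimal illustration of the bug class described above: a read before the start of a buffer caused by an index taken from file data without full validation, shown next to the bounds check that prevents it. This is an added example, not IrfanView's code; the record layout, the function names, and the assumption that the index is a signed field are constructed for illustration and do not describe the actual DWG parser flaw.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: 8 bytes of unrelated data, then an 8-byte record. */
#define REC_OFF 8
#define REC_LEN 8
static const uint8_t arena[REC_OFF + REC_LEN] = {
    'N','E','I','G','H','B','O','R',         /* not part of the record */
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17  /* the record buffer      */
};

/* Flawed form: a signed index read from the file is checked against the
 * upper bound only, so a negative value indexes memory before `rec`. */
int read_entry_unchecked(const uint8_t *rec, size_t rec_len,
                         int32_t idx, uint8_t *out)
{
    if (idx >= (int32_t)rec_len)
        return -1;
    *out = rec[idx];              /* under-read when idx < 0 */
    return 0;
}

/* Hardened form: reject negative values before any pointer arithmetic,
 * then compare as unsigned against the buffer length. */
int read_entry_checked(const uint8_t *rec, size_t rec_len,
                       int32_t idx, uint8_t *out)
{
    if (idx < 0 || (size_t)idx >= rec_len)
        return -1;
    *out = rec[idx];
    return 0;
}

/* Helpers: return the byte read, or -1 if the parser rejected the index. */
int demo_unchecked(int32_t idx)
{
    uint8_t b = 0;
    return read_entry_unchecked(arena + REC_OFF, REC_LEN, idx, &b) ? -1 : b;
}
int demo_checked(int32_t idx)
{
    uint8_t b = 0;
    return read_entry_checked(arena + REC_OFF, REC_LEN, idx, &b) ? -1 : b;
}

int main(void)
{
    printf("unchecked idx=-8 -> %d\n", demo_unchecked(-8));
    printf("checked   idx=-8 -> %d\n", demo_checked(-8));
    return 0;
}
```

The record deliberately sits inside a larger array so the out-of-record read stays within defined C behaviour; in a real parser the bytes before a heap allocation are allocator metadata or other objects.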

Vulnerability Details:

Platform: IrfanView
Version: All versions (unaffected version not specified)
Vulnerability: Out-of-Bounds Read Remote Code Execution (RCE)
Severity: Critical
CVE ID: CVE-2024-11506
Date: November 22, 2024 (published by NIST)

What Undercode Says:

This critical vulnerability in IrfanView poses a significant security risk. Users should update to a patched version as soon as possible or avoid opening untrusted DWG files.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
