2024-11-29
A critical vulnerability (CVE-2024-11506) in IrfanView allows remote attackers to execute malicious code on affected systems. The flaw lies in DWG file parsing: user-supplied data is not properly validated, which can lead to a read before the start of an allocated buffer. Attackers can exploit this to run arbitrary code within the application's context. Exploitation requires user interaction, such as opening a malicious DWG file or visiting a website containing one.
Vulnerability Details:
Platform: IrfanView
Version: All versions (unaffected version not specified)
Vulnerability: Out-of-Bounds Read Remote Code Execution (RCE)
Severity: Critical
CVE ID: CVE-2024-11506
Date: November 22, 2024 (published by NIST)
What Undercode Says:
This critical vulnerability in IrfanView poses a significant security risk. Users should update to a patched version as soon as possible or avoid opening untrusted DWG files.
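The bug class described above, a read before the start of an allocated buffer caused by unvalidated file data, shown as an added example that is neither IrfanView's code nor the DWG format. The record header, its field names and all functions are hypothetical; the flawed bounds check sits beside a hardened one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record header (NOT the DWG layout): both fields come from the file. */
struct rec_hdr {
    int32_t  offset;  /* untrusted, signed */
    uint32_t length;  /* untrusted */
};

/* Flawed validation: only the upper bound is checked, so a negative
   offset passes and would index before the start of the buffer. */
int naive_in_bounds(const struct rec_hdr *h, size_t buf_len) {
    return (int64_t)h->offset + (int64_t)h->length <= (int64_t)buf_len;
}

/* Hardened validation: reject negative offsets first, then compare
   with a subtraction that cannot wrap. */
int safe_in_bounds(const struct rec_hdr *h, size_t buf_len) {
    if (h->offset < 0) return 0;
    size_t off = (size_t)h->offset;
    if (off > buf_len) return 0;
    return h->length <= buf_len - off;
}

/* Copies the record into out only after the hardened check.
   Returns the number of bytes copied, or -1 if the header is rejected. */
long read_record(const uint8_t *buf, size_t buf_len,
                 const struct rec_hdr *h, uint8_t *out, size_t out_len) {
    if (!safe_in_bounds(h, buf_len) || h->length > out_len) return -1;
    memcpy(out, buf + h->offset, h->length);
    return (long)h->length;
}

int main(void) {
    uint8_t buf[16] = {0}, out[8];
    struct rec_hdr bad = { -8, 4 };  /* constructed sample header */
    printf("naive=%d safe=%d read=%ld\n",
           naive_in_bounds(&bad, sizeof buf),
           safe_in_bounds(&bad, sizeof buf),
           read_record(buf, sizeof buf, &bad, out, sizeof out));
    return 0;
}
```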
References:
Reported By: Nvd.nist.gov