Remote Code Execution Vulnerability in IrfanView Due to WSQ File Parsing Flaw
CVE-2024-6812

7.8HIGH

Key Information:

Vendor: Irfanview
Status: Irfanview; Wsq
Vendor: CVE Published:; 21 August 2024

What is CVE-2024-6812?

This vulnerability exists in IrfanView's handling of WSQ files, where a lack of adequate validation of user-supplied input allows for out-of-bounds writes. An attacker can exploit this vulnerability by crafting a malicious WSQ file or web link that, when accessed by a user, triggers the execution of arbitrary code in the context of the affected IrfanView installation. As user interaction is a prerequisite for this attack, it underscores the importance of cautious file handling and web browsing practices. Affected users are strongly advised to update to the latest version of IrfanView to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.zerodayinitiative.com/advisories/ZDI-24-904/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2024

JSON

Irfanview

What is CVE-2024-6812?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.