Remote Code Execution Vulnerability in IrfanView Due to WSQ File Parsing Flaw
CVE-2024-6812

7.8HIGH

Key Information:

Vendor: Irfanview
Status: Irfanview; Wsq
Vendor: CVE Published:; 21 August 2024

What is CVE-2024-6812?

This vulnerability exists in IrfanView's handling of WSQ files, where a lack of adequate validation of user-supplied input allows for out-of-bounds writes. An attacker can exploit this vulnerability by crafting a malicious WSQ file or web link that, when accessed by a user, triggers the execution of arbitrary code in the context of the affected IrfanView installation. As user interaction is a prerequisite for this attack, it underscores the importance of cautious file handling and web browsing practices. Affected users are strongly advised to update to the latest version of IrfanView to mitigate the risk associated with this vulnerability.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-904/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2024

JSON

Irfanview

What is CVE-2024-6812?

References

CVSS V3.1

Timeline