Multiple vulnerabilities in IrfanView
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 70 |
| CVE-ID | CVE-2024-11524 CVE-2024-11540 CVE-2024-11542 CVE-2024-11551 CVE-2024-11543 CVE-2024-11549 CVE-2024-11552 CVE-2024-11548 CVE-2024-11547 CVE-2024-11546 CVE-2024-11545 CVE-2024-11544 CVE-2024-11550 CVE-2024-11526 CVE-2024-11527 CVE-2024-11529 CVE-2024-11530 CVE-2024-11531 CVE-2024-11507 CVE-2024-11508 CVE-2024-11509 CVE-2024-11513 CVE-2024-11516 CVE-2024-11514 CVE-2024-11515 CVE-2024-11517 CVE-2024-11518 CVE-2024-11519 CVE-2024-11506 CVE-2024-11523 CVE-2024-11525 CVE-2024-11522 CVE-2024-11564 CVE-2024-11565 CVE-2024-11537 CVE-2024-11528 CVE-2024-11538 CVE-2024-11532 CVE-2024-11533 CVE-2024-11534 CVE-2024-11535 CVE-2024-11536 CVE-2024-11554 CVE-2024-11520 CVE-2024-11521 CVE-2024-11560 CVE-2024-11561 CVE-2024-11563 CVE-2024-11567 CVE-2024-11569 CVE-2024-11574 CVE-2024-11562 CVE-2024-11570 CVE-2024-11572 CVE-2024-11575 CVE-2024-11571 CVE-2024-11573 CVE-2024-11566 CVE-2024-11568 CVE-2024-11556 CVE-2024-11557 CVE-2024-11558 CVE-2024-11555 CVE-2024-11559 CVE-2024-11510 CVE-2024-11511 CVE-2024-11512 CVE-2024-11553 CVE-2024-11539 CVE-2024-11541 |
| CWE-ID | CWE-119 CWE-787 CWE-416 CWE-125 CWE-843 CWE-122 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IrfanView Client/Desktop applications / Office applications |
| Vendor | Irfan Skiljan |
Security Bulletin
This security bulletin contains information about 70 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU100785
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11524
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1593/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU100862
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11540
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1551/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU100861
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11542
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1550/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU100860
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11551
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1549/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU100859
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11543
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1548/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU100858
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11549
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1547/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU100857
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11552
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1546/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU100856
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11548
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1545/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU100855
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11547
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1544/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU100854
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11546
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1543/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU100853
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted DXF file and execute arbitrary code execution on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1542/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU100852
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1541/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU100851
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11550
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1540/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU100850
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11526
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CGM file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1539/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU100849
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11527
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1538/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU100848
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11529
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1537/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU100847
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11530
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted CGM file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1536/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU100846
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11531
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CGM file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1535/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Type Confusion
EUVDB-ID: #VU100845
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11507
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error. A remote attacker can trick a victim to open a specially crafted DXF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1604/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Type Confusion
EUVDB-ID: #VU100844
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11508
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error. A remote attacker can trick a victim to open a specially crafted DXF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1603/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Heap-based buffer overflow
EUVDB-ID: #VU100843
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11509
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted SVG file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1602/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-based buffer overflow
EUVDB-ID: #VU100842
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11513
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted ECW file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1601/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Heap-based buffer overflow
EUVDB-ID: #VU100841
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11516
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted JPM file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1600/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Heap-based buffer overflow
EUVDB-ID: #VU100840
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11514
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted ECW file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1599/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds write
EUVDB-ID: #VU100839
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11515
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted JPM file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1598/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds write
EUVDB-ID: #VU100838
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11517
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted JPM file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1597/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Heap-based buffer overflow
EUVDB-ID: #VU100837
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11518
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted RLE file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1596/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU100829
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11519
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted RLE file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1595/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU100828
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11506
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1594/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU100827
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11523
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1592/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU100826
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11525
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted DXF file and execute arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1591/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU100825
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11522
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1590/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU100824
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11564
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1568/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU100823
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11565
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CGM file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1567/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU100821
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11537
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1582/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU100820
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11528
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1589/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU100819
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11538
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1588/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds write
EUVDB-ID: #VU100818
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11532
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1587/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds write
EUVDB-ID: #VU100817
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11533
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1586/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU100816
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11534
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1585/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU100815
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1584/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU100814
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11536
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1583/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds write
EUVDB-ID: #VU100813
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11554
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1581/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds write
EUVDB-ID: #VU100812
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11520
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted ARW file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1580/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU100811
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11521
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted DJVU file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1579/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU100810
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11560
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1578/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU100809
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11561
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1577/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Out-of-bounds read
EUVDB-ID: #VU100808
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11563
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1576/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU100807
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11567
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1575/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU100806
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11569
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1574/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU100805
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11574
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1573/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds read
EUVDB-ID: #VU100804
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11562
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CGM file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1572/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU100803
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted DXF file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1571/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Buffer overflow
EUVDB-ID: #VU100802
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11572
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1570/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Buffer overflow
EUVDB-ID: #VU100801
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11575
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1569/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU100800
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11571
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1566/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Buffer overflow
EUVDB-ID: #VU100799
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11573
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1565/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds read
EUVDB-ID: #VU100798
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11566
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1564/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Out-of-bounds read
EUVDB-ID: #VU100797
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11568
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1563/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Buffer overflow
EUVDB-ID: #VU100796
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11556
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1562/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Buffer overflow
EUVDB-ID: #VU100795
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11557
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1561/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Buffer overflow
EUVDB-ID: #VU100794
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11558
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1560/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds write
EUVDB-ID: #VU100793
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11555
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1559/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Out-of-bounds write
EUVDB-ID: #VU100792
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11559
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DXF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1558/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Stack-based buffer overflow
EUVDB-ID: #VU100791
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11510
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick a victim to open a specially crafted WB1 file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1557/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Heap-based buffer overflow
EUVDB-ID: #VU100790
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11511
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted XCF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1556/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Out-of-bounds write
EUVDB-ID: #VU100789
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11512
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted WB1 file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1555/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer overflow
EUVDB-ID: #VU100788
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11553
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1554/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Buffer overflow
EUVDB-ID: #VU100787
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11539
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1553/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Buffer overflow
EUVDB-ID: #VU100786
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIrfanView: 4.00 - 4.67
CPE2.3- cpe:2.3:a:irfan_skiljan:irfanview:4.00:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.10:*:*:*:*:*:*:
- cpe:2.3:a:irfan_skiljan:irfanview:4.20:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1552/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
