Read Time:16 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11517.

Advisories

ZDI-24-1598: IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1599: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1600: IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1601: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1602: IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1603: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1604: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

November 21, 2024

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-49529.

Advisories

ZDI-24-1606: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

November 21, 2024

Read Time:17 Second

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-11612.

Cyber Security News

Yearly Archives: 2024

ZDI-24-1597: IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1598: IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1599: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1600: IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1601: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1602: IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1603: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

ZDI-24-1604: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-24-1606: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

News, Advisories and much more