ZDI-24-1601: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11513.

Advisories

ZDI-24-1602: IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1603: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1604: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

November 21, 2024

Read Time:16 Second

Advisories

ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

November 21, 2024

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-49529.

Advisories

ZDI-24-1606: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

November 21, 2024

Read Time:17 Second

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-11612.

Advisories

ZDI-24-1607: Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11576.

Advisories

ZDI-24-1608: Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

November 21, 2024

Read Time:17 Second

Advisories

ZDI-24-1609: Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

November 21, 2024

Read Time:17 Second

Advisories

ZDI-24-1610: Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

November 21, 2024

Read Time:17 Second

Cyber Security News

Yearly Archives: 2024

ZDI-24-1601: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1602: IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1603: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

ZDI-24-1604: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability

ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-24-1606: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

ZDI-24-1607: Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1608: Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1609: Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-24-1610: Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

News, Advisories and much more