CVE-2024-11512: 
IrfanView vulnerability analysis and mitigation

IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2024-11512) was discovered and disclosed on November 22, 2024. This vulnerability affects IrfanView installations versions 4.62 up to (excluding) 4.70, specifically targeting the x86 architecture. The vulnerability was initially reported to the vendor on January 17, 2024, and was assigned tracking number ZDI-CAN-22741 (ZDI Advisory).

The vulnerability exists within the parsing of WB1 files in IrfanView's WBZ Plugin. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. The attacker can leverage this vulnerability to execute code in the context of the current process, potentially gaining the same privileges as the user running the application (ZDI Advisory).

The vulnerability has been fixed in IrfanView version 4.70 with plugins version 4.70. Users are advised to upgrade to this version to mitigate the risk (ZDI Advisory).