CVE-2024-11539: 
IrfanView vulnerability analysis and mitigation

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability (CVE-2024-11539) affects IrfanView installations. The vulnerability was discovered and disclosed in November 2024, impacting IrfanView version 4.67 (x64 and x86 architectures). This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView when users interact with malicious content (ZDI Advisory).

The vulnerability exists within the parsing of DXF files and stems from improper validation of user-supplied data, resulting in a memory corruption condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is classified as an Out-of-bounds Write (CWE-787) and Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) (NVD).

Successful exploitation of this vulnerability enables attackers to execute arbitrary code in the context of the current process. The vulnerability requires user interaction, specifically requiring the target to visit a malicious page or open a malicious file (ZDI Advisory).

The vulnerability has been fixed in IrfanView version 4.70 with plugins version 4.70. Users are advised to upgrade to this version to mitigate the risk (ZDI Advisory).