CVE-2024-11547: 
IrfanView vulnerability analysis and mitigation

A remote code execution vulnerability was discovered in IrfanView, identified as CVE-2024-11547. The vulnerability affects IrfanView's DWG file parsing functionality and was disclosed on November 21, 2024. The issue impacts IrfanView installations up to version 4.67 (both x64 and x86 variants) (Zero Day Initiative).

The vulnerability exists within the parsing of DWG files and stems from improper validation of user-supplied data, which can result in a memory corruption condition. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as an Out-of-bounds Write (CWE-787) and Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) (NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process on affected installations of IrfanView. The high severity rating indicates potential complete compromise of system confidentiality, integrity, and availability (Zero Day Initiative).

The vulnerability has been fixed in IrfanView version 4.70 with plugins version 4.70. Users are advised to upgrade to this version to protect against potential exploitation (Zero Day Initiative).