CVE-2024-6812: 
IrfanView vulnerability analysis and mitigation

CVE-2024-6812 is a remote code execution vulnerability affecting IrfanView software, specifically in its WSQ file parsing functionality. The vulnerability was discovered and reported to the vendor on February 13, 2024, and was publicly disclosed on July 18, 2024. The issue affects IrfanView installations and requires user interaction for exploitation (Zero Day Initiative).

The vulnerability exists within the parsing of WSQ files in IrfanView and stems from improper validation of user-supplied data. This can result in an out-of-bounds write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The weakness has been classified as CWE-787 (Out-of-bounds Write) (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (Zero Day Initiative).

A fix has been released in the WSQ plugin (64 bit) which is available through the IrfanView plugins page (Zero Day Initiative).