CVE-2024-6821: 
IrfanView vulnerability analysis and mitigation

IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2024-6821) affects IrfanView installations. The vulnerability was discovered in February 2024 and publicly disclosed on July 26, 2024. The flaw specifically impacts IrfanView version 4.66 for x64 systems and exists within the parsing of CIN files (Zero Day Initiative, NVD).

The vulnerability stems from the lack of proper validation of user-supplied data during the parsing of CIN files, which can result in a write past the end of an allocated buffer. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 7.8 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-787 (Out-of-bounds Write) (Zero Day Initiative, NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The impact is significant as it could lead to complete system compromise within the scope of the affected application's privileges (Zero Day Initiative).

The vulnerability has been fixed in IrfanView Plugins version 4.67. Users are advised to update to this version to protect against potential exploitation (Zero Day Initiative).