How severe is CVE-2024-11950?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-11950?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2024-11950 - HIGH Severity | CVSS 7.8

Vulnerability Description

XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.

Related Vulnerabilities

CVE-2014-9626

HIGH

CVSS:7.8(High)

Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspe...

CWE-1912014

CVE-2014-9883

HIGH

CVSS:7.8(High)

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive informa...

CWE-1912014

CVE-2016-10268

HIGH

CVSS:7.8(High)

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF i...

CWE-1912016

CVE-2017-18278

HIGH

CVSS:7.8(High)

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer ov...

CWE-1912017

CVE-2017-3034

HIGH

CVSS:7.8(High)

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, rel...

CWE-1912017

CVE-2017-7367

HIGH

CVSS:7.8(High)

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

CWE-1912017