CVE-2024-5877

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PIC files in IrfanView. The flaw exists in how IrfanView processes PIC image files, enabling attackers to write data outside allocated memory boundaries. Users of vulnerable IrfanView versions who open untrusted image files are affected.

💻 Affected Systems

Products:
  • IrfanView
Versions: Prior to 4.67
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All Windows versions running vulnerable IrfanView versions are affected. The vulnerability requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to malware execution, data exfiltration, or system disruption for the affected user account.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious file is opened. The vulnerability was disclosed through ZDI with proof-of-concept details available to researchers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IrfanView 4.67 and later

Vendor Advisory: https://www.irfanview.com/main_history.htm

Restart Required: No

Instructions:

1. Download IrfanView 4.67 or later from the official website
2. Run the installer
3. Follow installation prompts to update
4. No system restart required

🔧 Temporary Workarounds

Disable PIC file association

windows

Remove IrfanView as default handler for PIC files to prevent automatic opening

Control Panel > Default Programs > Set Associations > Find .PIC > Change program

Application sandboxing

windows

Run IrfanView with reduced privileges using sandboxing tools

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use network segmentation to isolate systems running IrfanView from critical assets

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version via Help > About. Versions below 4.67 are vulnerable.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView version is 4.67 or higher in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of IrfanView with PIC file extensions
  • Unusual process creation from IrfanView executable

Network Indicators:

  • Downloads of PIC files from untrusted sources
  • Outbound connections from IrfanView process

SIEM Query:

Process Creation where Image contains 'i_view' AND CommandLine contains '.pic'
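
The SIEM query and the "unusual process creation" log indicator above, written out as detection logic over process-creation events. This is an added example, not part of the original advisory; the Sysmon-style field names and the sample events are constructed assumptions.

```python
import re

# A .pic path argument: extension followed by a quote, whitespace or end of line,
# so "holiday.pictures.jpg" does not trip a plain "contains .pic" test.
PIC_ARG = re.compile(r'\.pic(?=["\s]|$)', re.IGNORECASE)

def is_irfanview(image_path):
    # The query above matches 'i_view'; here it is applied to the file name only.
    return "i_view" in image_path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (rule, event) findings for process-creation events in time order."""
    findings = []
    pic_viewers = set()  # ProcessGuid of IrfanView instances started on a .pic file
    for ev in events:
        image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
        if is_irfanview(image) and PIC_ARG.search(cmd):
            pic_viewers.add(ev["ProcessGuid"])
            findings.append(("irfanview_opened_pic", ev))
        # Log indicator: unusual process creation from the IrfanView executable.
        if is_irfanview(ev.get("ParentImage", "")) and not is_irfanview(image):
            after_pic = ev.get("ParentProcessGuid") in pic_viewers
            findings.append(("child_of_irfanview_after_pic" if after_pic
                             else "child_of_irfanview", ev))
    return findings

IV = r"C:\Program Files\IrfanView\i_view64.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample events (field names modelled on Sysmon Event ID 1, assumed).
SAMPLE_EVENTS = [
    {"ProcessGuid": "A", "ParentProcessGuid": "X", "ParentImage": EXPLORER,
     "Image": IV, "CommandLine": rf'"{IV}" "C:\Users\a\Downloads\scan.pic"'},
    {"ProcessGuid": "B", "ParentProcessGuid": "A", "ParentImage": IV,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"ProcessGuid": "C", "ParentProcessGuid": "X", "ParentImage": EXPLORER,
     "Image": IV, "CommandLine": rf'"{IV}" "C:\Users\a\holiday.pictures.jpg"'},
    {"ProcessGuid": "D", "ParentProcessGuid": "C", "ParentImage": IV,
     "Image": r"C:\Windows\System32\mspaint.exe", "CommandLine": "mspaint.exe"},
]

if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_EVENTS):
        print(f"{rule}: {ev['Image']} (guid {ev['ProcessGuid']})")
```

A child process whose parent was started on a PIC file is the highest-priority finding; a child of any other IrfanView instance (for example an external editor) is reported under a separate rule so it can be triaged at lower severity.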
