
CVE-2024-44913: n/a

Medium
Tags: Vulnerability, CVE-2024-44913, cve
Published: Wed Aug 28 2024 (08/28/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 08:05:41 UTC

Technical Analysis

CVE-2024-44913 is a vulnerability identified in IrfanView version 4.67.1.0, specifically within the EXR image file handling component, ReadEXR, at offset +0x40ef1. The flaw allows an attacker to cause an access violation by supplying a specially crafted EXR file. This access violation leads to a denial of service (DoS) condition by crashing the IrfanView application when it attempts to parse the malicious file. The vulnerability is classified under CWE-284, indicating an authorization issue, but in this context, it manifests as improper handling of input data leading to memory access errors.

According to the CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), the attack requires local access (local vector), low attack complexity, no privileges, and user interaction (opening the file). The scope is unchanged, and the impact affects availability only, with no confidentiality or integrity loss.

No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability primarily affects users who open EXR files with IrfanView, a popular lightweight image viewer, especially in environments where EXR files are common, such as visual effects, animation, and photography industries.

Potential Impact

The primary impact of CVE-2024-44913 is denial of service, resulting in application crashes when processing malicious EXR files. This can disrupt workflows, especially in creative industries relying on IrfanView for quick image previews or batch processing of EXR files. While the vulnerability does not allow code execution or data theft, repeated crashes could lead to productivity loss and potential operational delays. In environments where IrfanView is integrated into automated pipelines or used by multiple users, this could cause broader service interruptions. Since exploitation requires user interaction and local access, remote exploitation risk is limited, reducing the threat to large-scale automated attacks. However, targeted attacks against specific users or organizations using EXR files could leverage this vulnerability to cause disruption.

Mitigation Recommendations

To mitigate CVE-2024-44913, organizations should:

1) Avoid opening EXR files from untrusted or unknown sources to prevent triggering the vulnerability.
2) Implement strict file validation and scanning policies for image files before use.
3) Monitor IrfanView vendor communications for patches or updates addressing this vulnerability and apply them promptly once available.
4) Consider using alternative image viewers or tools with robust EXR handling if immediate patching is not possible.
5) Employ endpoint protection solutions that can detect abnormal application crashes or suspicious file activity.
6) Educate users about the risks of opening unverified EXR files and encourage cautious handling of image files received via email or external media.
7) For automated environments, isolate IrfanView processes or sandbox file processing to contain potential crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-08-21T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6ce6b7ef31ef0b56a060

Added to database: 2/25/2026, 9:43:02 PM

Last enriched: 2/26/2026, 8:05:41 AM

Last updated: 4/11/2026, 10:26:38 PM
