Cyber Resilience

CVE-2024-1112

High

Published: 31 January 2024

Published
31 January 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.3885 97.4th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-1112 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Angusj Resource Hacker. Its CVSS base score is 7.3 (High).

Operationally, ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A heap-based buffer overflow vulnerability affects Resource Hacker version 3.6.0.92, developed by Angus Johnson. Tracked as CVE-2024-1112 and linked to CWE-119 and CWE-787, the flaw arises from insufficient bounds checking when processing a long filename argument, which can corrupt heap memory.

An authenticated local user who can supply a malicious filename can trigger the overflow to achieve arbitrary code execution. The vulnerability is rated 7.3 under CVSS 3.1 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability when the required user interaction occurs.

The current EPSS score of 0.3885 matches its recorded peak, indicating no material post-disclosure rise in exploitation probability.

EU & UK References

Vulnerability details

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

angusj
resource hacker
3.6.0.92

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-119 CWE-787

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

addresses: CWE-119

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

References