CVE-2024-10496: Improper Validation of Specified Index, Position, or Offset in Input in LabVIEW

Severity: 8.4 HIGH (NVD)
EPSS: 0.1% (top 75.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 10

Description

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Affected Packages (2 packages)

CVEListV5: ni/labview 23.0 23.3.4 +1
NVD: ni/labview 2021 +3

🔴 Vulnerability Details (1)

GHSA: GHSA-fj3q-j3q4-v62v: An out of bounds read due to improper input validation in BuildFontMap in fontmgr (2024-12-10)

📋 Vendor Advisories (1)

CISA ICS: National Instruments LabVIEW (2024-12-10)
CVE-2024-10496 — NI Labview vulnerability | cvebase