CVE-2024-10494: Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW

7.8 CVSS

Description

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Classification

CVE ID: CVE-2024-10494

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

Affected Products

Vendor: NI

Product: LabVIEW

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html

Timeline

2024-12-11 00:30:50 UTC
CVE

Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW