CVE-2024-10495: Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW

7.8 CVSS

Description

An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Classification

CVE ID: CVE-2024-10495

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

Affected Products

Vendor: NI

Product: LabVIEW

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html

Timeline

2024-12-11 00:30:50 UTC
CVE

Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW