8.4

CVE-2024-10496

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Data is provided by the National Vulnerability Database (NVD)
NiLabview Version <= 2021
NiLabview Version2022 Updateq1
NiLabview Version2022 Updateq3
NiLabview Version2022 Updateq3_patch1
NiLabview Version2022 Updateq3_patch2
NiLabview Version2023 Updateq1
NiLabview Version2023 Updateq3
NiLabview Version2023 Updateq3_patch1
NiLabview Version2023 Updateq3_patch2
NiLabview Version2023 Updateq3_patch3
NiLabview Version2023 Updateq3_patch4
NiLabview Version2024 Updateq1
NiLabview Version2024 Updateq1_patch1
NiLabview Version2024 Updateq3
NiLabview Version2024 Updateq3_patch1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.083
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@ni.com 8.4 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
security@ni.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.