3.3

CVE-2026-34781

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElectronjsElectron SwPlatformnode.js Version <= 39.8.4
ElectronjsElectron SwPlatformnode.js Version >= 40.0.0 <= 40.8.4
ElectronjsElectron SwPlatformnode.js Version >= 41.0.0 < 41.1.0
ElectronjsElectron Version41.2.0 SwPlatformnode.js
ElectronjsElectron Version42.0.0 Updatealpha1 SwPlatformnode.js
ElectronjsElectron Version42.0.0 Updatealpha2 SwPlatformnode.js
ElectronjsElectron Version42.0.0 Updatealpha3 SwPlatformnode.js
ElectronjsElectron Version42.0.0 Updatealpha4 SwPlatformnode.js
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
security-advisories@github.com 2.8 1.3 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.