CVE-2024-10495: Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW
First published: Tue Dec 10 2024(Updated: )
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| National Instruments LabVIEW | <2024 Q3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-10495?
CVE-2024-10495 is rated as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2024-10495?
To mitigate CVE-2024-10495, users should update to the latest version of NI LabVIEW beyond 2024 Q3.
What is the impact of CVE-2024-10495?
The impact of CVE-2024-10495 can include unauthorized information disclosure and possible arbitrary code execution.
Who is affected by CVE-2024-10495?
CVE-2024-10495 affects users running NI LabVIEW versions up to, but not including, 2024 Q3.
What type of vulnerability is CVE-2024-10495?
CVE-2024-10495 is classified as an out of bounds read vulnerability caused by improper input validation.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ni
- canonical/national instruments labview