CVE-2024-10496: Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW
First published: Tue Dec 10 2024(Updated: )
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| National Instruments LabVIEW | <2024 Q3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-10496?
CVE-2024-10496 has a high severity rating due to the potential for information disclosure and arbitrary code execution.
How do I fix CVE-2024-10496?
To mitigate CVE-2024-10496, update NI LabVIEW to a version later than 2024 Q3 that addresses this vulnerability.
What type of vulnerability is CVE-2024-10496?
CVE-2024-10496 is classified as an out of bounds read vulnerability due to improper input validation.
Who is affected by CVE-2024-10496?
Users of NI LabVIEW versions up to but not including 2024 Q3 are affected by CVE-2024-10496.
What could an attacker do by exploiting CVE-2024-10496?
An attacker could exploit CVE-2024-10496 to disclose sensitive information or execute arbitrary code on the affected system.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ni
- canonical/national instruments labview