Description
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1285
CWE-125
Status
published
Products (4)
ni/labview
2022 q1 (4 CPE variants)
ni/labview
2023 q1 (6 CPE variants)
ni/labview
2024 q1 (4 CPE variants)
ni/labview
< 2021
Published
Dec 10, 2024
Tracked Since
Feb 18, 2026