CVE-2024-10495

HIGH

NI Labview < 2021 - Out-of-Bounds Access

Title source: rule

Description

An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

References (1)

[Vendor Advisory] https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1285 CWE-125

Status published

Products (4)

ni/labview 2022 q1 (4 CPE variants)

ni/labview 2023 q1 (6 CPE variants)

ni/labview 2024 q1 (4 CPE variants)

ni/labview < 2021

Published Dec 10, 2024

Tracked Since Feb 18, 2026