CVE-2024-13524

MEDIUM

OBS Studio <30.0.2 - Untrusted Search Path

Title source: llm

Description

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise".

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.292495

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.292495

[Permissions Required, VDB Entry] https://vuldb.com/?submit.480875

[Issue Tracking] https://github.com/obsproject/obs-studio/pull/11569

Scores

CVSS v3 4.5

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-426

Status published

Products (3)

obsproject/OBS Studio 30.0.0

obsproject/OBS Studio 30.0.1

obsproject/OBS Studio 30.0.2

Published Jan 20, 2025

Tracked Since Feb 18, 2026