CVE-2024-48091

HIGH

Tally Prime Edit Log <2.1 - Code Injection

Title source: llm

Description

Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

References (2)

[Various Sources] https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt

[Various Sources] https://tallysolutions.com/download/

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Timeline

Published Feb 07, 2025

Tracked Since Feb 18, 2026