{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10495","assignerOrgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","state":"PUBLISHED","assignerShortName":"NI","dateReserved":"2024-10-29T14:41:27.738Z","datePublished":"2024-12-10T15:52:43.177Z","dateUpdated":"2024-12-10T20:18:12.830Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","Linux"],"product":"LabVIEW","vendor":"NI","versions":[{"lessThanOrEqual":"22.3.3","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"23.3.4","status":"affected","version":"23.0","versionType":"semver"},{"lessThanOrEqual":"24.3.1","status":"affected","version":"24.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Michael Heinzl working with CISA"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q3 and prior versions.</p>"}],"value":"An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q3 and prior versions."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.4,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1285","description":"CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","shortName":"NI","dateUpdated":"2024-12-10T15:52:43.177Z"},"references":[{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html"}],"source":{"discovery":"UNKNOWN"},"title":"Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-10T20:17:52.101424Z","id":"CVE-2024-10495","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-10T20:18:12.830Z"}}]}}