{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10496","assignerOrgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","state":"PUBLISHED","assignerShortName":"NI","dateReserved":"2024-10-29T14:41:29.031Z","datePublished":"2024-12-10T15:55:46.698Z","dateUpdated":"2024-12-10T20:10:51.547Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","Linux"],"product":"LabVIEW","vendor":"NI","versions":[{"lessThanOrEqual":"22.3.3","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"23.3.4","status":"affected","version":"23.0","versionType":"semver"},{"lessThanOrEqual":"224.3.1","status":"affected","version":"24.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Michael Heinzl working with CISA"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q3 and prior versions.</p>"}],"value":"An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q3 and prior versions."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.4,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1285","description":"CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","shortName":"NI","dateUpdated":"2024-12-10T15:55:46.698Z"},"references":[{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html"}],"source":{"discovery":"UNKNOWN"},"title":"Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-10T20:10:39.011562Z","id":"CVE-2024-10496","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-10T20:10:51.547Z"}}]}}