CVE-2017-2775

Name of the Vulnerable Software and Affected Versions LabVIEW versions prior to 2015 SP1 f7 Patch LabVIEW versions prior to 2016 f2 Patch

Description A memory corruption issue exists in the LvVariantUnflatten functionality. It can be triggered by a specially crafted VI file, causing a user-controlled value to be used as a loop terminator, which results in internal heap corruption. This could potentially lead to remote code execution if an attacker-controlled VI file is used to exploit the issue.

Recommendations For LabVIEW versions prior to 2015 SP1 f7 Patch, update to 2015 SP1 f7 Patch or later to resolve the issue. For LabVIEW versions prior to 2016 f2 Patch, update to 2016 f2 Patch or later to resolve the issue.