Michael Heinzl

Name of the Vulnerable Software and Affected Versions NI LabVIEW versions 2026 Q1 (26.1.0) and prior Description A memory corruption issue exists due to an out-of-bounds read in the `aligned free()` function within mgcore SH 25 3 in NI LabVIEW. Successful exploitation requires a user to open a specially crafted VI file, potentially leading to information disclosure or arbitrary code execution. Recommendations Update to a version later than 2026 Q1 (26.1.0).

Name of the Vulnerable Software and Affected Versions NI LabVIEW versions prior to 26.1.0 Description A memory corruption issue exists due to an out-of-bounds write in the `ResFileFactory::InitResourceMgr()` function. This can lead to information disclosure or arbitrary code execution. An attacker can exploit this by getting a user to open a specially crafted VI file. Recommendations Update to a version later than 26.1.0.

Name of the Vulnerable Software and Affected Versions NI LabVIEW versions prior to 2026 Q1 (26.1.0) Description A memory corruption issue exists due to an out-of-bounds read in the `sentry transaction context set operation()` function within NI LabVIEW. Successful exploitation requires a user to open a specially crafted VI file, potentially leading to information disclosure or arbitrary code execution. Recommendations Update to a version later than 2026 Q1 (26.1.0).

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.10.0 and prior Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read issue in the `VS6MemInIF!set temp type default` function. Opening a specially crafted V7 file may result in information disclosure. Recommendations Update V-SFT to a version later than 6.2.10.0.

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.10.0 and prior Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in `VS6ComFile!get macro mem COM`. Opening a crafted V7 file may lead to information disclosure from the affected product. Recommendations Update V-SFT to a version later than 6.2.10.0.

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.10.0 and prior Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read issue in the VS6ComFile!load link inf component. Opening a specially crafted V7 file may lead to information disclosure. Recommendations Update V-SFT to a version later than 6.2.10.0.

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.10.0 and prior Description V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in `VS6ComFile!CSaveData:: conv AnimationItem`. Opening a crafted V7 file may lead to arbitrary code execution. Recommendations Update to a version later than 6.2.10.0.

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.10.0 and prior Description V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in `VS6ComFile!CV7BaseMap::WriteV7DataToRom`. Opening a crafted V7 file may lead to arbitrary code execution. Recommendations Update to a version later than 6.2.10.0.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions 2025 Q3 (25.3) and prior **Description** An out of bounds read issue exists in NI LabVIEW within the `lvre!DataSizeTDR()` function when processing a damaged VI file. Exploitation of this issue could lead to information disclosure or arbitrary code execution. A successful attack requires a user to open a specifically designed VI file. **Recommendations** Update to a version later than 2025 Q3 (25.3).

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions 2025 Q3 (25.3) and prior **Description** An out of bounds read issue exists in NI LabVIEW within the `ExecPostedProcRecPost()` function when processing a damaged VI file. This can lead to information disclosure or arbitrary code execution if a user opens a specifically designed VI file. **Recommendations** Update to a version later than 2025 Q3 (25.3).

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 25.3 **Description** An out of bounds write issue exists in NI LabVIEW within the `RevBL()` function when processing a damaged VI file. This can lead to information disclosure or arbitrary code execution if an attacker successfully tricks a user into opening a specifically designed VI file. **Recommendations** Update to a version later than 25.3.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 2025 Q3 (25.3) **Description** A stack-based buffer overflow exists in the `LVResFile::FindRsrcListEntry()` function when parsing a corrupted VI file. Successful exploitation requires a user to open a specially crafted VI, potentially leading to information disclosure or arbitrary code execution. **Recommendations** Update to NI LabVIEW 2025 Q3 (25.3) or later.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions 2025 Q3 (25.3) and prior **Description** A use-after-free issue exists in the `sentry span set data()` function when processing a malformed VI file. Exploitation of this issue could lead to information disclosure or arbitrary code execution. Successful exploitation requires an attacker to trick a user into opening a specifically designed VI file. **Recommendations** Update to a version later than 2025 Q3 (25.3).

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 2025 Q3 (25.3) **Description** An out of bounds read issue exists in NI LabVIEW within the `VisaWriteFromFile()` function when processing a corrupted VI file. Exploitation of this issue could lead to information disclosure or arbitrary code execution. A successful attack requires a user to open a specifically designed VI file. **Recommendations** Update to NI LabVIEW 2025 Q3 (25.3) or later.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 25.3 **Description** An out of bounds read issue exists in NI LabVIEW within the `LVResource::DetachResource()` function when processing a damaged VI file. Exploitation of this issue could lead to information disclosure or arbitrary code execution. A successful attack requires a user to open a specifically designed VI file. **Recommendations** Update to version 25.3 or later.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 25.3 **Description** An out of bounds read issue exists in NI LabVIEW within the `LVResFile::FindRsrcListEntry()` function when processing a damaged VI file. This can lead to information disclosure or arbitrary code execution. An attacker can exploit this by tricking a user into opening a specifically designed VI file. **Recommendations** Update to NI LabVIEW version 25.3 or later.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions prior to 25.3 **Description** An out of bounds read issue exists in NI LabVIEW within the `LVResFile::RGetMemFileHandle()` function when processing a damaged VI file. Exploitation of this issue could lead to information disclosure or arbitrary code execution. A successful attack requires a user to open a specifically designed VI file. **Recommendations** Update to version 25.3 or later.

**Name of the Vulnerable Software and Affected Versions** AzeoTech DAQFactory version 20.7 (Build 2555) **Description** An Out-of-bounds Read issue exists in AzeoTech DAQFactory release 20.7 (Build 2555). This allows an attacker to read data beyond the boundaries of an allocated buffer. Successful exploitation could lead to information disclosure or a system crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AzeoTech DAQFactory version 20.7 (Build 2555) **Description** An Out-of-bounds Write issue exists in AzeoTech DAQFactory release 20.7 (Build 2555). An attacker can exploit this to cause the program to write data beyond the boundaries of an allocated memory buffer. Successful exploitation may lead to arbitrary code execution or a system crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AzeoTech DAQFactory version 20.7 (Build 2555) **Description** An Access of Uninitialized Pointer issue exists in the software that could allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.