PT-2024-16316 · Ni · Labview

Michael Heinzl · Published 2024-12-10 · Updated 2024-12-10 · CVE-2024-10494

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NI LabVIEW versions prior to 2024 Q3

Description

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI.

Recommendations

For versions prior to 2024 Q3, update to a version that includes the fix for the improper input validation issue in HeapObjMapImpl.cpp to prevent potential information disclosure or arbitrary code execution. As a temporary workaround, consider restricting the use of specially crafted VIs to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2024-10494

Affected Products

Labview