Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2024-10494

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Published: Dec 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-10494
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
ni / labview	2022-q3	2022-q3.x
ni / labview	2024-q1	2024-q1.x
ni / labview	2022-q1	2022-q1.x
ni / labview	2023-q3	2023-q3.x
ni / labview	2023-q1	2023-q1.x
ni / labview	2023-q3_patch2	2023-q3_patch2.x
ni / labview	-	2021.x
ni / labview	2022-q3_patch1	2022-q3_patch1.x
ni / labview	2022-q3_patch2	2022-q3_patch2.x
ni / labview	2023-q3_patch1	2023-q3_patch1.x
ni / labview	2023-q3_patch3	2023-q3_patch3.x
ni / labview	2023-q3_patch4	2023-q3_patch4.x
ni / labview	2024-q1_patch1	2024-q1_patch1.x
ni / labview	2024-q3	2024-q3.x
ni / labview	2024-q3_patch1	2024-q3_patch1.x

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo