The nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.
There are no app-side workarounds for this issue. You must update your Electron version to be protected.
v28.3.2
v29.3.3
v30.0.3
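A triage check built on the fixed releases listed above, as an added example that is not part of the original advisory or Electron's own code: it classifies a declared Electron version against v28.3.2, v29.3.3 and v30.0.3 and reports where the two affected functions are called. The function names, status labels and sample inputs are constructed for illustration; majors other than 28, 29 and 30 are reported as not listed because the advisory names no fixed release for them.

```javascript
// Fixed releases per major line, taken from the advisory text.
const FIXED = { 28: [28, 3, 2], 29: [29, 3, 3], 30: [30, 0, 3] };
const AFFECTED_CALL = /nativeImage\s*\.\s*(createFromPath|createFromBuffer)\s*\(/g;

// Classify a version string such as "v29.3.1", "^29.3.1" or "30.0.3-beta.1".
// Comparison is by version ordering only (an assumption of this example).
function classifyElectron(versionText) {
  const m = /(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(versionText));
  if (!m) return 'unparseable';
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  const fixed = FIXED[parts[0]];
  if (!fixed) return 'not-listed'; // advisory names no fixed release for this major
  for (let i = 1; i < 3; i++) {
    if (parts[i] > fixed[i]) return 'patched';
    if (parts[i] < fixed[i]) return 'vulnerable';
  }
  // Same numbers as the fix: a pre-release of the fixed version sorts before it.
  return m[4] ? 'vulnerable' : 'patched';
}

// Report the line numbers where either affected function is called.
function findAffectedCalls(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    for (const c of line.matchAll(AFFECTED_CALL)) hits.push({ line: i + 1, fn: c[1] });
  });
  return hits;
}

// Combine both checks for one project (package.json text plus one source file).
function triage(packageJsonText, source) {
  const pkg = JSON.parse(packageJsonText);
  const declared = (pkg.devDependencies || {}).electron || (pkg.dependencies || {}).electron;
  const status = declared ? classifyElectron(declared) : 'electron-not-declared';
  const calls = findAffectedCalls(source);
  return { status, calls, exposed: status === 'vulnerable' && calls.length > 0 };
}

// Constructed sample input, not taken from any real project.
const samplePackageJson = JSON.stringify({ devDependencies: { electron: '29.3.1' } });
const sampleSource = [
  "const { nativeImage } = require('electron');",
  'const icon = nativeImage.createFromPath(userSuppliedPath);',
  'const thumb = nativeImage.createFromBuffer(buf, { width, height });',
].join('\n');
console.log(triage(samplePackageJson, sampleSource));
```

A range in package.json only declares intent; the lockfile, or process.versions.electron inside the running app, shows the version actually shipped.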
If you have any questions or comments about this advisory, email us at [email protected].