41 matches found
CVE-2017-2779
The CVE-2017-2779 vulnerability affects National Instruments LabVIEW (LabVIEW 2016, 2017, 2015, 2014) where the RSRC segment parsing can be manipulated. In LabVIEW’s RSRC handling, the loop counter and offsets from the RSRC data can be controlled by an attacker via a specially crafted VI file. Th...
CVE-2024-10494
CVE-2024-10494 affects NI LabVIEW prior to or including 2024 Q3. Root cause: an out-of-bounds read in HeapObjMapImpl.cpp due to improper input validation, which may disclose information or allow arbitrary code execution when a user opens a specially crafted VI. Impact is limited to affected LabVI...
CVE-2024-10496
CVE-2024-10496 concerns NI LabVIEW, where an out-of-bounds read arises from improper input validation in the function BuildFontMap (fontmgr.cpp). Affected product/version: LabVIEW 2024 Q3 and earlier. Impact stated in sources: disclosure of information or arbitrary code execution if a user opens ...
CVE-2024-23608
CVE-2024-23608 is an out-of-bounds write in NI LabVIEW caused by a missing bounds check. The issue enables remote code execution when a user is provided with a specially crafted VI, per the vulnerability description and multiple sources. Affected are LabVIEW 2024 Q1 and earlier versions. Several ...
CVE-2025-2630
CVE-2025-2630 is a DLL hijacking vulnerability in NI LabVIEW caused by an uncontrolled search path. The issue affects NI LabVIEW 2025 Q1 and earlier versions; exploitation requires an attacker to drop a malicious DLL into the uncontrolled search path, potentially enabling arbitrary code execution...
CVE-2022-27237
CVE-2022-27237 describes a cross-site scripting (XSS) vulnerability in an NI Web Server component used with several NI products. The advisory indicates the affected surface is the NI Web Server component across multiple NI product deployments, with remediation guidance requiring upgrading to one ...
CVE-2024-23611
CVE-2024-23611 is an out-of-bounds write in National Instruments LabVIEW caused by a missing bounds check, leading to remote code execution on affected installations (LabVIEW 2024 Q1 and earlier). Exploitation requires a user to receive a specially crafted VI; the attacker must entice the user to...
CVE-2013-5022
The CVE-2013-5022 entry concerns an Absolute path traversal via the CWGraph3D ActiveX control (cw3dgrph.ocx) in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products. Root cause: the ExportStyle method accepts a full pathname and, when combined...
CVE-2024-10495
CVE-2024-10495 concerns an out-of-bounds read in NI LabVIEW’s font loading: fontmgr.cpp font table loading can disclose information or allow arbitrary code execution. Exploitation requires a user to open a specially crafted VI, affecting LabVIEW 2024 Q3 and earlier. Connected sources also referen...
CVE-2013-5021
The CVE-2013-5021 issue affects multiple National Instruments CWUI ActiveX controls (CWNumEdit, CWGraph, CWBoolean, CWSlide, CWKnob) used in NI LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and ABB DataManager Data Analysis. A root cause in the ExportStyle() method enables ab...
CVE-2017-2775
CVE-2017-2775 is a memory corruption flaw in NI LabVIEW’s LvVariantUnflatten handling affecting 64-bit LabVIEW 2015 before SP1 f7 and 2016 before f2. A specially crafted VI file can drive an attacker-controlled value as a loop terminator, triggering heap corruption via LV’s ReadTD/BinDataReader p...
CVE-2025-2632
CVE-2025-2632 : NI LabVIEW (2025 Q1 and earlier) is affected by an out-of-bounds write caused by improper bounds checking when reading CPU information from cache. This can lead to information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI. The ...
CVE-2024-4079
CVE-2024-4079 Details: NI LabVIEW contains an out-of-bounds read due to a missing bounds check in LabVIEW, potentially disclosing info or enabling arbitrary code execution. Exploitation requires a user to open a specially crafted VI and is limited to local attack paths. Affected: LabVIEW 2024 Q1 ...
CVE-2024-23612
NI LabVIEW CVE-2024-23612 is an improper error handling vulnerability affecting LabVIEW 2024 Q1 and earlier. Public docs confirm that exploitation requires a user to open or be presented with a specially crafted VI, potentially enabling remote code execution. Related disclosures (ZDI) describe an...
CVE-2024-23610
CVE-2024-23610 is an out-of-bounds write in National Instruments LabVIEW caused by a missing bounds check in VI parsing, enabling remote code execution. Affected: LabVIEW 2024 Q1 and earlier versions. The exploit requires a user to run a specially crafted VI (per ZDI/NI advisories). Impact: poten...
CVE-2025-2631
NI LabVIEW up to 2025 Q1 is affected by an out-of-bounds write in InitCPUInformation() due to improper bounds checking. This can lead to information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI (local vector, user interaction needed). Affecte...
CVE-2024-23609
CVE-2024-23609 is an improper error handling vulnerability in NI LabVIEW affecting 2024 Q1 and earlier. A remote code execution risk exists if a user opens a specially crafted VI, as described in the initial report. The exact root cause is unspecified beyond improper error handling; no patch/vers...
CVE-2013-5023
The vulnerability CVE-2013-5023 affects NI software (e.g., LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier) where ActiveX controls in the HelpAsst component of NI Help Links can be triggered to display local CHM files, enabling remote denial of service. The underlying issue is e...
CVE-2024-4080
CVE-2024-4080 is a memory corruption vulnerability in LabVIEW tdcore.dll (affecting LabVIEW 2024 Q1 and earlier). The root cause is an improper length check in tdcore.dll, which could disclose information or allow arbitrary code execution when a user opens a specially crafted VI. Exploitation req...
CVE-2024-4081
CVE-2024-4081 is a memory corruption vulnerability in NI LabVIEW caused by an improper length check in the LabVIEW component (tdcore_24_1.dll is implicated in related CVEs). Affects NI LabVIEW 2024 Q1 and earlier versions. Exploitation requires a user to open a specially crafted VI (local attack ...
CVE-2026-32861
The CVE-2026-32861 entry describes a memory corruption via an out-of-bounds write when NI LabVIEW loads a corrupted LVCLASS file. It affects NI LabVIEW up to and including 2026 Q1 (26.1.0) and earlier versions. The vulnerability may enable information disclosure or arbitrary code execution. Explo...
CVE-2026-32860
The CVE-2026-32860 entry documents a memory corruption vulnerability in NI LabVIEW caused by an out-of-bounds write when loading a corrupted LVLIB file. The flaw may lead to information disclosure or arbitrary code execution. Successful exploitation requires a user to open a specially crafted .lv...
CVE-2024-6638
CVE-2024-6638 affects LabVIEW 2024 Q1 and earlier versions. The issue is an integer overflow in the TDMS file reader caused by improper input validation, which can lead to an infinite loop. Exploitation requires a user to open a specially crafted TDMS file and is a local, user-interaction-based v...
CVE-2025-2629
CVE-2025-2629 is a DLL hijacking vulnerability in NI LabVIEW when loading the NI Error Reporting module. The flaw arises from an uncontrolled search path, allowing an attacker to place a malicious DLL that could be loaded, potentially enabling arbitrary code execution. Affected: NI LabVIEW 2025 Q...
CVE-2025-64463
NI LabVIEW is affected by CVE-2025-64463: an out-of-bounds read in LVResource::DetachResource() when parsing a corrupted VI file. Affected: LabVIEW 2025 Q3 (25.3) and earlier. Impact per sources: information disclosure or arbitrary code execution if a user opens a crafted VI; exploit requires use...
CVE-2025-7361
CVE-2025-7361 affects NI LabVIEW 32-bit up to and including 2025 Q1. The issue is a code injection vulnerability caused by an improper initialization check in CIN nodes, which could allow arbitrary code execution if a user opens a specially crafted VI. LabVIEW 64-bit is not affected because CIN n...
CVE-2025-7849
CVE-2025-7849: NI LabVIEW memory corruption due to improper error handling when a VILinkObj is null. Affects LabVIEW 2025 Q1 and earlier. Requires user to open a crafted VI for exploitation; locally exploitable with user interaction. Remediation: update to a version later than 2025 Q1 (per adviso...
CVE-2025-7848
NI LabVIEW is affected by CVE-2025-7848 due to a memory corruption issue in the lvpict.cpp file caused by improper input validation. Affected products include LabVIEW 2025 Q1 and earlier versions. Exploitation requires a user to open a specially crafted VI, potentially enabling arbitrary code exe...
CVE-2025-2633
NI LabVIEW is affected by CVE-2025-2633 due to an out-of-bounds read in the lvre!UDecStrToNum path, caused by improper bounds checking. This can lead to information disclosure or arbitrary code execution when a user opens a specially crafted VI. Affected products include LabVIEW 2025 Q1 and earli...
CVE-2025-64461
NI LabVIEW is affected by an out-of-bounds write in mgocre_SH_25_3!RevBL() when opening a corrupted VI file, impacting 2025 Q3 (25.3) and earlier. Exploitation requires a user to open a crafted VI and can lead to information disclosure or arbitrary code execution. A patch/update to a version late...
CVE-2025-2634
CVE-2025-2634 describes an out-of-bounds read in NI LabVIEW, specifically the fontmgr component, caused by improper bounds checking. The vulnerability may disclose information or allow arbitrary code execution. Exploitation requires a user to open a specially crafted VI, indicating a user-assiste...
CVE-2025-64468
CVE-2025-64468 describes a use-after-free in NI LabVIEW’s sentry!sentry_span_set_data() when parsing a corrupted VI file. This could lead to information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI file, and affects LabVIEW 2025 Q3 (25.3) and...
CVE-2025-64469
NI LabVIEW is affected by a stack-based buffer overflow in LVResFile::FindRsrcListEntry() when opening a corrupted VI file. The vulnerability may allow information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI (local, with user interaction). A...
CVE-2025-64464
NI LabVIEW is affected by an out-of-bounds read in lvre!VisaWriteFromFile() when parsing a corrupted VI file. Successful exploitation may disclose information or allow arbitrary code execution; exploitation requires a user to open a crafted VI. Impact described for LabVIEW 2025 Q3 (25.3) and earl...
CVE-2026-32864
CVE-2026-32864 affects NI LabVIEW (2026 Q1, 26.1.0 and earlier). The vulnerability is a memory corruption due to an out-of-bounds read in mgcore_SH_25_3!aligned_free(), potentially leading to information disclosure or arbitrary code execution. Exploitation requires the user to open a specially cr...
CVE-2025-64462
CVE-2025-64462 affects NI LabVIEW up to 2025 Q3 (25.3) and earlier. The vulnerability is an out-of-bounds read in LVResFile::RGetMemFileHandle() triggered while parsing a corrupted VI file, potentially leading to information disclosure or arbitrary code execution. Exploitation requires a user to ...
CVE-2025-64466
CVE-2025-64466 is an out-of-bounds read in NI LabVIEW’s lvre!ExecPostedProcRecPost() triggered while parsing a corrupted VI file. Affects LabVIEW 2025 Q3 (25.3) and earlier. Impact stated: information disclosure or arbitrary code execution; exploitation requires a user to open a specially crafted...
CVE-2026-32863
NI LabVIEW (2026 Q1 26.1.0 and earlier) contains a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation(). This may lead to information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI file, ind...
CVE-2025-64465
CVE-2025-64465 is an out-of-bounds read in NI LabVIEW’s lvre!DataSizeTDR() when parsing a corrupted VI file. Affected: NI LabVIEW 2025 Q3 (25.3) and earlier. Impact: information disclosure or arbitrary code execution if a user opens a specially crafted VI. Exploitation condition: user interaction...
CVE-2025-64467
NI LabVIEW
CVE-2026-32862
NI LabVIEW contains a memory corruption vulnerability (CVE-2026-32862) caused by an out-of-bounds write in ResFileFactory::InitResourceMgr(). The issue can lead to information disclosure or arbitrary code execution and requires a user to open a specially crafted VI file. Affected products: NI Lab...