CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-2775

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.8

References

http://www.ni.com/product-documentation/53778/en/
http://www.securityfocus.com/bid/97020
http://www.talosintelligence.com/reports/TALOS-2017-0269/
http://www.ni.com/product-documentation/53778/en/
http://www.securityfocus.com/bid/97020
http://www.talosintelligence.com/reports/TALOS-2017-0269/

Products affected by CVE-2017-2775

Ni » Labview » Version: 16.0.0.49152

cpe:2.3:a:ni:labview:16.0.0.49152

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2775

Products

Pricing

Contact Us