CNNVD-202507-001 Information
CNNVD ID
CNNVD-202507-001
Related CVE
- CNNVD Published: 2025-07-01
Description
Electron is an open-source JavaScript framework from Electron for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and allows cross-platform desktop applications to be written using HTML and CSS. Electron versions before 28.3.2, 29.3.3 and 30.0.3 contain a security vulnerability caused by a heap buffer overflow in the nativeImage.createFromPath and nativeImage.createFromBuffer functions, which may lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Electron
Published
2025-07-01
Last Modified
2026-02-24
References
https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
https://access.redhat.com/security/cve/cve-2024-46993
Patch
https://github.com/electron/electron/releases