CVE-2024-46993 Information

Jul 02, 2025 cve

Description

Electron is an open source framework for writing cross-platform desktop applications using JavaScript HTML and CSS. In versions prior to 28.3.2 29.3.3 and 30.0.3 the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image’s height width and contents. This issue has been patched in versions 28.3.2 29.3.3 and 30.0.3. There are no workarounds for this issue.

Reference

https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489

CNNVD-202507-001 (Published: 2025-07-01)

Share on:

CVE-2024-46993 Information

Description

Reference

Related CNNVD