Heap-based Buffer Overflow
CVE-2024-46993
Summary
Electron is an open-source framework for writing cross-platform desktop applications using JavaScript, HTML, and CSS. In versions prior to 28.3.2, 29.0.x prior to 29.3.3, and 30.0.x prior to 30.0.3, the 'nativeImage.createFromPath()' and 'nativeImage.createFromBuffer()' functions call a downstream function that is vulnerable to a heap-based buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker controls the image's height, width, and contents.
- HIGH
- LOCAL
- NONE
- LOW
CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow in which the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
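Two checks an Electron application can apply before handing untrusted image data to the affected functions, as an added example that is not code from the advisory or from the Electron project: a version test against the fixed releases the advisory names (28.3.2, 29.3.3, 30.0.3; treating majors below 28 as unpatched and above 30 as patched is an assumption), and a PNG IHDR dimension check that rejects attacker-declared sizes outside a pixel budget before any decoder allocates from them. The version parser assumes a plain x.y.z string, and the sample PNG header is constructed.

```javascript
// Fixed releases named in the advisory (CVE-2024-46993), keyed by major.
const FIXED = { 28: [28, 3, 2], 29: [29, 3, 3], 30: [30, 0, 3] };
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

function parseVersion(v) { return v.split('.').slice(0, 3).map(Number); }
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when a plain x.y.z Electron version carries the fix. Majors below
// 28 are treated as unpatched and majors above 30 as patched (assumption).
function isPatchedElectron(version) {
  const v = parseVersion(version);
  if (v[0] < 28) return false;
  if (v[0] > 30) return true;
  return cmp(v, FIXED[v[0]]) >= 0;
}

// Read the declared width/height from the IHDR chunk (bytes 16..23) and
// reject images whose declared size exceeds our pixel budget before any
// decoder allocates a buffer from those attacker-chosen numbers.
function checkPngDimensions(buf, maxPixels) {
  if (buf.length < 24 || !buf.subarray(0, 8).equals(PNG_SIG)) {
    return { ok: false, reason: 'not a PNG' };
  }
  if (buf.toString('ascii', 12, 16) !== 'IHDR') {
    return { ok: false, reason: 'IHDR missing' };
  }
  const width = buf.readUInt32BE(16);
  const height = buf.readUInt32BE(20);
  if (width === 0 || height === 0 || width > 0x7fffffff || height > 0x7fffffff) {
    return { ok: false, reason: 'dimension outside PNG range', width, height };
  }
  if (width * height > maxPixels) {
    return { ok: false, reason: 'exceeds pixel budget', width, height };
  }
  return { ok: true, width, height };
}

// Constructed sample input: the first 24 bytes of a PNG of the given size.
function pngHeader(width, height) {
  const buf = Buffer.alloc(24);
  PNG_SIG.copy(buf, 0);
  buf.writeUInt32BE(13, 8);      // IHDR data length
  buf.write('IHDR', 12, 'ascii');
  buf.writeUInt32BE(width, 16);
  buf.writeUInt32BE(height, 20);
  return buf;
}
```

Call nativeImage.createFromBuffer() only once checkPngDimensions() reports ok, and log the reason otherwise so oversized or malformed inputs from untrusted sources show up in telemetry.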