An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
This vulnerability is identified as CVE-2024-6638.
NI recommends upgrading the affected software to mitigate this vulnerability. Refer to the Affected Products section to download the upgrade.
CVE-2024-6638 – 5.5 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.
NI would like to thank James McNally of Wiresmith Technology for reporting this issue and working with us on coordinated disclosure.
| Product Version | Mitigation |
|---|---|
| LabVIEW 2024 Q1 | Upgrade to LabVIEW 2024 Q3 or later from NI Package Manager or Software Downloads |