Electron Heap Buffer Overflow Vulnerability in NativeImage Functions
Vulnerability
A heap buffer overflow vulnerability has been identified in Electron versions prior to 28.3.2, 29.0.0-alpha.1 through 29.3.3, and 30.0.0-alpha.1 through 30.0.3. The issue arises in the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions, which call a downstream function susceptible to the overflow. An attacker can exploit this vulnerability if they control the image's dimensions and contents.
Impact
Exploitation of this vulnerability leads to a heap buffer overflow, allowing for potential memory corruption.
Remediation
Users should update Electron to version 28.3.2, 29.3.3, or 30.0.3.
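The following is an added example, not code from the advisory or from the Electron project: a small semver-style check that reports whether an installed Electron version string falls inside the affected ranges stated above. It assumes the fixed releases listed under Remediation (28.3.2, 29.3.3, 30.0.3) are the first safe release of each line, so each range is inclusive of its lower bound and exclusive of the fixed version, with prerelease builds ordered before the corresponding final release.

```javascript
// Added example (not from the advisory): is a given Electron version inside
// the affected ranges? Assumes fixed releases are the upper (exclusive) bound.

function parseVersion(v) {
  // Accepts "28.3.1", "v29.0.0-alpha.1", "30.0.0-beta.2", etc.
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}

// Semver ordering: compare major.minor.patch, then prerelease identifiers.
// A prerelease (29.0.0-alpha.1) sorts before its final release (29.0.0).
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (x.pre.length === 0 && y.pre.length === 0) return 0;
  if (x.pre.length === 0) return 1;
  if (y.pre.length === 0) return -1;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    if (i >= x.pre.length) return -1;      // shorter prerelease list sorts first
    if (i >= y.pre.length) return 1;
    const p = x.pre[i], q = y.pre[i];
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) { if (+p !== +q) return +p < +q ? -1 : 1; continue; }
    if (pn !== qn) return pn ? -1 : 1;     // numeric identifiers sort before alphanumeric
    if (p !== q) return p < q ? -1 : 1;
  }
  return 0;
}

// Affected ranges from the advisory text; `from: null` means "every earlier version".
const AFFECTED_RANGES = [
  { from: null,             fixed: '28.3.2' },
  { from: '29.0.0-alpha.1', fixed: '30.0.0-alpha.1' === '' ? '' : '29.3.3' },
  { from: '30.0.0-alpha.1', fixed: '30.0.3' },
];

function isAffected(version) {
  return AFFECTED_RANGES.some(({ from, fixed }) =>
    (from === null || compareVersions(version, from) >= 0) &&
    compareVersions(version, fixed) < 0);
}

// Stand-alone usage: check the running process, e.g. inside an Electron main process.
if (typeof process !== 'undefined' && process.versions && process.versions.electron) {
  console.log(`Electron ${process.versions.electron} affected: ${isAffected(process.versions.electron)}`);
}
```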
Added: Jul 1, 2025, 3:18 AM
Updated: Jul 1, 2025, 3:18 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
