CVE-2024-11581

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 125

Summary

CVE-2024-11581 is a remote code execution vulnerability affecting Luxion KeyShot. Malicious jt files can trigger an out-of-bounds read issue in the software's parsing process, which allows attackers to execute arbitrary code on affected installations. User interaction is essential for exploitation, as the target must visit a malicious page or open the malicious file. The root cause of this vulnerability lies in insufficient validation of user-supplied data, leading to reading data before the start of an allocated buffer. This issue was identified as ZDI-CAN-23826.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share