CVE-2024-21525
CVSS 3.1 Score 8.3 of 10 (high)
Details
Summary
CVE-2024-21525 is a newly identified cybersecurity vulnerability affecting all versions of the node-twain package. The issue arises from a buffer overflow vulnerability caused by an improper check or handling of exceptional conditions. This occurs when creating a new instance of twain.TwainSDK with productName or productFamily, manufacturer, or version.info properties of length 34 characters or more. The length of the source data is not adequately checked, leading to an overflow condition. This vulnerability could potentially be exploited by attackers to execute arbitrary code or cause a denial-of-service condition, posing a serious threat to applications using node-twain. It is essential for users to promptly update their package to a secure version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.