CVE-2024-27763

Summary

CVE-2024-27763 is a new vulnerability affecting XPixelGroup's BasicSR version 1.4.2 and below. This issue permits local code execution, but only in specific circumstances. When the command "scontrol show hostname" is executed in conjunction with a carefully crafted SLURM_NODELIST environment variable, attackers can take advantage of this vulnerability to run arbitrary code on the affected system. This poses a significant security risk, especially in environments where users have the ability to set environment variables. It is recommended that users upgrade to the latest version of XPixelGroup's BasicSR software to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.