MEDIUM

GHSA-6r2x-8pq8-9489

Electron vulnerable to Heap Buffer Overflow in NativeImage

상세

### Impact The `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

### Workaround There are no app-side workarounds for this issue. You must update your Electron version to be protected.

### Patches

- `v28.3.2` - `v29.3.3` - `v30.0.3`

### For More Information

If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / electron

최초 영향 버전: 0 수정 버전: 28.3.2

수정 npm install electron@28.3.2

npm / electron

최초 영향 버전: 29.0.0-alpha.1 수정 버전: 29.3.3

수정 npm install electron@29.3.3

npm / electron

최초 영향 버전: 30.0.0-alpha.1 수정 버전: 30.0.3

수정 npm install electron@30.0.3

참고

https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2024-46993 [ADVISORY]
https://github.com/electron/electron [PACKAGE]