Home > Vulnerability Database > CVE-2024-46993

Mend.io Vulnerability Database

CVE-2024-46993

Good to know:

Date: June 30, 2025

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents. This issue has been patched in versions 28.3.2, 29.3.3, and 30.0.3. There are no workarounds for this issue.

Severity Score

7.0

Related Resources (4)

Url: https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46993

Url: https://github.com/electron/electron

Url: https://www.mend.io/vulnerability-database/CVE-2024-46993

Severity Score

7.0

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version electron - 30.0.3;electron - 29.3.3;electron - 28.3.2;electron - 28.3.2

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46993

Good to know:

Date: June 30, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?