High severity7.5NVD Advisory· Published Mar 31, 2017· Updated May 13, 2026

CVE-2017-2775

Description

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.

Affected products

Ni/Labview
cpe:2.3:a:ni:labview:16.0.0.49152:*:*:*:*:*:*:*
National Instruments/LabVIEW 2016 Evaluationv5
Range: 16.0.0.49152

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.talosintelligence.com/reports/TALOS-2017-0269/nvdExploitTechnical DescriptionThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/97020nvdThird Party AdvisoryVDB Entry
www.ni.com/product-documentation/53778/en/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000