#VU91691 Use-after-free in Zoom Video Communications, Inc. products - CVE-2024-27246
Published: June 11, 2024
Vulnerability identifier: #VU91691
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-27246
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for macOS
Zoom Workplace Desktop App for Linux
Zoom Workplace App for Android
Zoom Workplace App for iOS
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for macOS
Zoom Workplace Desktop App for Linux
Zoom Workplace App for Android
Zoom Workplace App for iOS
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error. A remote attacker can pass specially crafted data to the application and crash it.
Remediation
Install updates from vendor's website.