CVE-2026-34781

描述

### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call `clipboard.readImage()`. Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. ### Workarounds Validate that the clipboard contains image data via `clipboard.availableFormats()` before calling `clipboard.readImage()`. Note this only narrows the window — upgrading to a fixed version is recommended. ### Fixed Versions * `42.0.0-alpha.5` * `41.1.0` * `40.8.5` * `39.8.5` ### For more information If you have any questions or comments about this advisory, email us at [[email protected]](mailto:[email protected])

受影響套件(1)

• npm/electronfrom 0, < 39.8.5

CVSS 分數

參考連結(9)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-34781
• PATCHhttps://github.com/electron/electron
• WEBhttps://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287
• WEBhttps://github.com/electron/electron/pull/50475
• WEBhttps://github.com/electron/electron/releases/tag/v39.8.5
• WEBhttps://github.com/electron/electron/releases/tag/v40.8.5
• WEBhttps://github.com/electron/electron/releases/tag/v41.1.0
• WEBhttps://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
• WEBhttps://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64