Cyber Posture

CVE-2024-53320

Critical

Published: 31 January 2025
Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0050 (66.0th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.

Security Summary

CVE-2024-53320 is a critical vulnerability in the Qualisys C++ SDK at commit a32a21a, involving multiple stack buffer overflows triggered via the GetCurrentFrame, SaveCapture, and LoadProject functions. Classified under CWE-120, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe potential impact.

The vulnerability is exploitable remotely over the network with low attack complexity, requiring neither privileges nor user interaction. A successful exploit has high impact on confidentiality, integrity, and availability, and can lead to arbitrary code execution or a crash of any application that integrates the vulnerable SDK.

Mitigation details are documented in the GitHub issue at https://github.com/qualisys/qualisys_cpp_sdk/issues/47. Security practitioners should review this reference for patches or workarounds specific to the SDK.

Details

CWE(s)
CWE-120
