GHSA-f37v-82c4-4x64

Source

https://github.com/advisories/GHSA-f37v-82c4-4x64

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f37v-82c4-4x64/GHSA-f37v-82c4-4x64.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-f37v-82c4-4x64

Aliases

CVE-2026-34781

Published

2026-04-07T15:52:28Z

Modified

2026-04-08T12:11:56.607636Z

Severity

2.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Electron: Crash in clipboard.readImage() on malformed clipboard image data

Details

Impact

Apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process.

Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution.

Workarounds

Validate that the clipboard contains image data via clipboard.availableFormats() before calling clipboard.readImage(). Note this only narrows the window — upgrading to a fixed version is recommended.

Fixed Versions

42.0.0-alpha.5
41.1.0
40.8.5
39.8.5

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2026-04-07T22:16:23Z",
    "cwe_ids": [
        "CWE-476"
    ],
    "github_reviewed_at": "2026-04-07T15:52:28Z",
    "severity": "LOW"
}

References

Affected packages

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

39.8.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f37v-82c4-4x64/GHSA-f37v-82c4-4x64.json"

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

40.0.0-alpha.1

Fixed

40.8.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f37v-82c4-4x64/GHSA-f37v-82c4-4x64.json"

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

41.0.0-alpha.1

Fixed

41.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f37v-82c4-4x64/GHSA-f37v-82c4-4x64.json"

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

42.0.0-alpha.1

Fixed

42.0.0-alpha.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f37v-82c4-4x64/GHSA-f37v-82c4-4x64.json"