2456279 – (CVE-2026-34781) CVE-2026-34781 Electron: Electron: Denial of Service via malformed clipboard image data

Bug 2456279 (CVE-2026-34781) - CVE-2026-34781 Electron: Electron: Denial of Service via malformed clipboard image data

Summary: CVE-2026-34781 Electron: Electron: Denial of Service via malformed clipboard ...

Keywords:
Status:	NEW
Alias:	CVE-2026-34781
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2456388 2456389 2456390
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-07 22:01 UTC by OSIDB Bzimport
Modified:	2026-04-08 09:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-07 22:01:43 UTC

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.

Note You need to log in before you can comment on or make changes to this bug.