CVE-2026-42958 PUBLISHED

Use After Free in Labcenter Proteus

Assigner: icscert
Reserved: 03.06.2026 Published: 07.07.2026 Updated: 08.07.2026

The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.4

Product Status

Vendor Labcenter
Product Proteus
Versions Default: unaffected
  • Version 9.1_SP4_Build-42914 is affected

Solutions

Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.

If you have questions or need help please contact Labcenter or your local distributor.

Credits

  • Michael Heinzl reported these vulnerabilities to CISA. finder

References

Problem Types

  • CWE-416 Use after free CWE