CVE-2024-30375: 
Homebrew vulnerability analysis and mitigation

A use-after-free remote code execution vulnerability was discovered in Luxion KeyShot Viewer's KSP file parsing functionality, identified as CVE-2024-30375. The vulnerability was reported on December 11, 2023, and publicly disclosed on June 5, 2024. This security flaw affects Luxion KeyShot Viewer versions up to (excluding) 2024.2 (ZDI Advisory, NVD).

The vulnerability stems from the application's failure to validate the existence of an object before performing operations on it during KSP file parsing. It has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process on affected installations of Luxion KeyShot Viewer. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

The vendor acknowledged the vulnerability on February 29, 2024, and communicated that a fix would be ready by July 11, 2024. Until a patch is available, the recommended mitigation strategy is to restrict interaction with the application (ZDI Advisory).