Cyber Resilience

CVE-2024-53319

High

Published: 31 January 2025

Published
31 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0048 65.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53319 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 34.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-53319 is a heap buffer overflow vulnerability in the XML Text Escaping component of the Qualisys C++ SDK at commit a32a21a. This flaw, classified under CWE-120 (Buffer Copy without Checking Size of Input), enables attackers to trigger a denial of service (DoS) condition by providing input containing special XML characters that exceed buffer boundaries during the escaping process. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for remote disruption without requiring authentication or user interaction.

Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges. By supplying malformed input with special XML characters to any application or service using the affected Qualisys C++ SDK commit, an unauthenticated adversary can cause a heap buffer overflow, leading to application crashes or resource exhaustion that results in DoS. There is no impact on confidentiality or integrity, but the availability disruption can affect dependent systems processing XML data.

Further details on the vulnerability, including potential patches or workarounds, are documented in the GitHub issue at https://github.com/qualisys/qualisys_cpp_sdk/issues/49. Security practitioners using the Qualisys C++ SDK should review this advisory and update to a fixed commit if available to mitigate the risk.

EU & UK References

Vulnerability details

A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Heap buffer overflow in SDK XML component directly enables remote application crash/resource exhaustion (T1499.004 Application or System Exploitation) resulting in DoS with no auth or interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20115Shared CWE-120
CVE-2020-37205Shared CWE-120
CVE-2026-28875Shared CWE-120
CVE-2020-37194Shared CWE-120
CVE-2020-37180Shared CWE-120
CVE-2024-24419Shared CWE-120
CVE-2019-25353Shared CWE-120
CVE-2026-30075Shared CWE-120
CVE-2020-37213Shared CWE-120
CVE-2021-47798Shared CWE-120

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the heap buffer overflow flaw in the Qualisys C++ SDK by identifying, prioritizing, and applying updates to fixed commits.

prevent

Implements memory protections such as address space randomization and data execution prevention to minimize the impact of heap buffer overflows exploited by malformed XML inputs.

prevent

Validates XML inputs containing special characters before processing by the vulnerable escaping component, preventing the buffer overflow trigger.

References