{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-42883", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.455Z", "datePublished": "2023-12-12T00:27:16.184Z", "dateUpdated": "2024-08-28T14:58:08.465Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an image may lead to a denial-of-service"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service."}], "references": [{"url": "https://support.apple.com/en-us/HT214039"}, {"url": "https://support.apple.com/en-us/HT214035"}, {"url": "https://support.apple.com/en-us/HT214034"}, {"url": "https://support.apple.com/en-us/HT214040"}, {"url": "https://support.apple.com/en-us/HT214036"}, {"url": "https://support.apple.com/en-us/HT214041"}, {"url": "https://support.apple.com/kb/HT214034"}, {"url": "https://support.apple.com/kb/HT214039"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/9"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/7"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/8"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/6"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/13"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/12"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1"}, {"url": "https://www.debian.org/security/2023/dsa-5580"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-12-12T00:27:16.184Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:25.076Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214039", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214035", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214034", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214040", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214036", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214041", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214034", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214039", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/9", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/7", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/8", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/6", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/13", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5580", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T14:57:46.167653Z", "id": "CVE-2023-42883", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:58:08.465Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214039", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214035", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214034", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214040", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214036", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214041", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214034", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214039", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/9", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/7", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/8", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/6", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/13", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5580", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:25.076Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42883", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T14:57:46.167653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:58:03.917Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.2", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214039"}, {"url": "https://support.apple.com/en-us/HT214035"}, {"url": "https://support.apple.com/en-us/HT214034"}, {"url": "https://support.apple.com/en-us/HT214040"}, {"url": "https://support.apple.com/en-us/HT214036"}, {"url": "https://support.apple.com/en-us/HT214041"}, {"url": "https://support.apple.com/kb/HT214034"}, {"url": "https://support.apple.com/kb/HT214039"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/9"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/7"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/8"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/6"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/13"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/12"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1"}, {"url": "https://www.debian.org/security/2023/dsa-5580"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an image may lead to a denial-of-service"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-12-12T00:27:16.184Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42883", "state": "PUBLISHED", "dateUpdated": "2024-08-28T14:58:08.465Z", "dateReserved": "2023-09-14T19:05:11.455Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2023-12-12T00:27:16.184Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "A894FAB1-74AE-4B4F-A005-ED6A67606414", "versionEndExcluding": "17.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7", "versionEndExcluding": "16.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9", "versionEndExcluding": "16.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD", "versionEndExcluding": "14.2", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987", "versionEndExcluding": "17.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509", "versionEndExcluding": "10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en Safari 17.2, macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3. Procesar una imagen puede dar lugar a una denegaci\u00f3n de servicio."}], "id": "CVE-2023-42883", "lastModified": "2024-06-12T10:15:26.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T01:15:11.330", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/12"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/13"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/6"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/7"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/8"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Dec/9"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/1"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214034"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214035"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214036"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214039"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214040"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214041"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/kb/HT214034"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/kb/HT214039"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5580"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:2982", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.42.5-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2126", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.42.5-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: processing a malicious image may lead to a denial of service", "id": "2254326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119->CWE-20", "details": ["The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.", "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-42883", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-42883\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42883"], "threat_severity": "Moderate"}