OpenCVE

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121570

History

Tue, 29 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 29 Oct 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple watchos
Weaknesses		CWE-120
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple watchos
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Mon, 28 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Description		A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References		https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121240 https://support.apple.com/en-us/121248 https://support.apple.com/en-us/121249 https://support.apple.com/en-us/121250 https://support.apple.com/en-us/121567 https://support.apple.com/en-us/121570

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-10-28T21:08:31.771Z

Updated: 2024-10-29T20:39:34.857Z

Reserved: 2024-08-20T21:42:05.920Z

Link: CVE-2024-44144

Vulnrichment

Updated: 2024-10-29T20:18:03.299Z

NVD

Status : Modified

Published: 2024-10-28T21:15:05.397

Modified: 2024-10-29T21:35:14.290

Link: CVE-2024-44144

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object