Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.
Published: 2025-01-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via image processing
Action: Patch promptly
AI Analysis

Impact

A memory-handling issue was discovered in Apple operating systems, where processing an image can lead to a denial‑of‑service. The flaw poses no immediate threat of data exposure or privilege escalation; instead it can cause application or system crashes that disrupt availability. The vulnerability is categorized as a resource exhaustion weakness, matching CWE‑770.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS and watchOS are affected. The memory‑handling fix is included in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3 and watchOS 11.3.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate risk, and the EPSS score of less than 1% implies low probability of current exploitation, which is further supported by its absence from the CISA KEV catalog. Attackers would need to supply crafted image data to trigger the crash, an input that could be supplied by a malicious application or a compromised service. Because the exploit does not provide remote code execution or data compromise, the main danger is to service availability. The likelihood of exploitation remains low but should not be ignored.

Generated by OpenCVE AI on April 28, 2026 at 03:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that contain the memory‑handling fix: iOS 18.3, iPadOS 18.3 or 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3 and watchOS 11.3.
  • If an update is not yet available, limit or suspend image‑processing functionality until the fix can be applied, especially for critical or externally exposed services.
  • Monitor system logs and crash reports for repeated image‑processing failures, and investigate any anomalous patterns that may indicate exploitation attempts.



Advisories
Source | ID | Title
EUVD | EUVD-2025-3608 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

History

Tue, 28 Apr 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | Improved Memory Handling Causes Denial of Service in Image Processing

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service. | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.

Mon, 03 Nov 2025 21:30:00 +0000


Wed, 05 Feb 2025 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-770
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Jan 2025 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos; Apple watchos
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos; Apple watchos
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Mon, 27 Jan 2025 22:00:00 +0000

Type | Values Removed | Values Added
Description | | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:10.579Z

Reserved: 2025-01-17T00:00:44.966Z

Link: CVE-2025-24086

Vulnrichment

Updated: 2025-01-28T16:03:14.108Z

NVD

Status: Modified

Published: 2025-01-27T22:15:15.080

Modified: 2026-04-02T19:18:56.740

Link: CVE-2025-24086

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses