Description
A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.
Published: 2025-04-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A buffer overflow vulnerability in the Apple AirPlay audio and video SDKs permits an attacker to cause a crash of the application handling the audio or video stream, resulting in a denial of service. The weakness is a classic stack-based buffer overflow (CWE-120), which can be triggered by supplying a specially crafted input to the SDK’s processing routine.

Affected Systems

Affected products are Apple AirPlay audio SDK and AirPlay video SDK. The vulnerability is fixed in AirPlay audio SDK version 2.7.1 and AirPlay video SDK version 3.6.0.126. Devices or systems using older versions of either SDK are susceptible.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests low probability of exploitation at the current time. The vulnerability has not been listed in the CISA KEV catalog. The likely attack vector is a local network attacker who can reach the device running the SDK and send malicious data. If exploited, the attacker can disrupt service but has no direct path to remote code execution or data compromise based on the current description.

Generated by OpenCVE AI on April 28, 2026 at 02:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AirPlay audio SDK to version 2.7.1 or newer
  • Upgrade AirPlay video SDK to version 3.6.0.126 or newer
  • If a patch cannot be applied immediately, isolate the affected device from untrusted local network traffic or enforce strict application firewall rules



Advisories
Source: EUVD
ID: EUVD-2025-12771
Title: A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
History

Tue, 28 Apr 2026 02:30:00 +0000

Type: Title
Values Added: Buffer Overflow in Apple AirPlay SDKs on Local Network

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
Values Added: A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

Mon, 12 May 2025 20:00:00 +0000

Type: First Time appeared
Values Added:
  • Apple
  • Apple airplay Audio Software Development Kit
  • Apple airplay Video Software Development Kit
  • Apple carplay Communication Plug-in

Type: CPEs
Values Added:
  • cpe:2.3:a:apple:airplay_audio_software_development_kit:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:airplay_video_software_development_kit:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:carplay_communication_plug-in:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Apple
  • Apple airplay Audio Software Development Kit
  • Apple airplay Video Software Development Kit
  • Apple carplay Communication Plug-in

Thu, 01 May 2025 13:15:00 +0000

Type: Weaknesses
Values Added: CWE-120

Type: Metrics
Values Added:
  • cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  • ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 30 Apr 2025 21:00:00 +0000

Type: Description
Values Added: A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:32.762Z

Reserved: 2025-03-22T00:04:43.714Z

Link: CVE-2025-30422

Vulnrichment

Updated: 2025-05-01T13:09:18.766Z

NVD

Status: Modified

Published: 2025-04-30T21:15:54.700

Modified: 2026-04-02T19:19:33.583

Link: CVE-2025-30422

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:15:18Z

Weaknesses