Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
Published: 2026-04-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow in the image handling component can be triggered by a maliciously crafted image. This causes corruption of process memory, potentially allowing an attacker to alter program execution, disclose confidential data, or crash the system. The weakness corresponds to CWE-787, where improper bounds checking leads to illegal memory access.

Affected Systems

Apple macOS is affected. Versions prior to macOS Sequoia 15.6 are vulnerable; the issue is fixed in 15.6 and later releases.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The issue is not listed in the CISA KEV catalog. The likely attack vector is local processing of a malicious image, for example when a user opens a crafted file received via email or web download. If exploited, an attacker could gain code execution or disrupt application availability.

Generated by OpenCVE AI on April 7, 2026 at 09:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.6 or a newer version


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Memory Corruption via Malicious Image Processing in macOS

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Memory Corruption via Malicious Image Processing
Weaknesses CWE-122

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Memory Corruption via Malicious Image Processing
First Time appeared Apple
Apple macos
Weaknesses CWE-122
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-03T03:55:58.137Z

Reserved: 2025-04-16T15:24:37.090Z

Link: CVE-2025-43219

Vulnrichment

Updated: 2026-04-02T19:01:22.805Z

NVD

Status: Analyzed

Published: 2026-04-02T19:20:07.313

Modified: 2026-04-03T17:59:37.837

Link: CVE-2025-43219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:55:26Z

Weaknesses