Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.
Published: 2025-09-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption
Action: Patch
AI Analysis

Impact

The vulnerability occurs when processing a maliciously crafted image, leading to memory corruption due to improper bounds checking. This can alter the internal state of the target application and may enable further attacks. The weakness is an out‑of‑bounds write (CWE‑119).

Affected Systems

Apple macOS is affected. The flaw was fixed in macOS Tahoe 26; earlier releases that have not applied this update remain vulnerable. No further product details are supplied, meaning every macOS installation prior to Tahoe 26 can be impacted.

Risk and Exploitability

The CVSS score is 7.1, indicating high severity. The EPSS score is less than 1%, implying low exploitation probability. It is not cataloged in the CISA KEV database. The attack requires delivery of a malicious image, suggesting the vector is user‑initiated or remote download, but the description does not confirm a possible remote execution path.

Generated by OpenCVE AI on April 28, 2026 at 00:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Tahoe 26 or later to apply the memory handling fix.
  • If an update is not immediately available, restrict or disable processing of user‑supplied images in critical applications.
  • Monitor Apple security advisories for any additional patches or mitigations regarding memory corruption vulnerabilities.

Generated by OpenCVE AI on April 28, 2026 at 00:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29324 The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.
History

Tue, 28 Apr 2026 00:30:00 +0000

Type Values Removed Values Added
Title Improper Memory Handling in macOS Leading to Process Memory Corruption via Malicious Images

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:33.849Z

Reserved: 2025-04-16T15:24:37.102Z

Link: CVE-2025-43287

cve-icon Vulnrichment

Updated: 2025-11-03T18:10:05.926Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:32.153

Modified: 2025-11-03T19:15:56.633

Link: CVE-2025-43287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:15:05Z

Weaknesses