Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑Bounds Write leading to unexpected app termination
Action: Upgrade
AI Analysis

Impact

An out‑of‑bounds write vulnerability was identified in macOS that occurs during file parsing. The flaw, classified as CWE‑787, allows a malformed file to corrupt memory, causing the target application to terminate unexpectedly. The primary consequence is a denial‑of‑service effect for the affected application, compromising availability rather than confidentiality or integrity.

Affected Systems

Apple macOS is affected. The issue has been resolved in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Systems running earlier releases of any of these macOS families are vulnerable and must be updated to the specified fixed versions.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at the current time, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local or remote application that parses user‑supplied files; an attacker must supply a crafted file that triggers the out‑of‑bounds write, leading to an application crash. The description does not mention remote code execution or privilege escalation, so the risk remains confined to local denial of service for the apps that process the file.

Generated by OpenCVE AI on April 28, 2026 at 10:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.7.2 or later, Sonoma 14.8.2 or later, or Tahoe 26.1 or later to apply the fixed input validation
  • Configure macOS to automatically install security updates
  • Restrict the use of applications that parse files to only trusted sources, or isolate them in a sandboxed environment

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 10:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Out‑of‑Bounds Write Leading to Unexpected App Termination in macOS File Parsing

Fri, 03 Apr 2026 20:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. Parsing a file may lead to an unexpected app termination.
Values Added: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. Parsing a file may lead to an unexpected app termination.
Values Added: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. Parsing a file may lead to an unexpected app termination.
References

Tue, 04 Nov 2025 17:00:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Apple
  Apple macos
  Apple macos Sequoia
  Apple macos Sonoma

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Apple
  Apple macos
  Apple macos Sequoia
  Apple macos Sonoma

Tue, 04 Nov 2025 15:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-787

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. Parsing a file may lead to an unexpected app termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:21:58.350Z

Reserved: 2025-04-16T15:24:37.115Z

Link: CVE-2025-43380

Vulnrichment

Updated: 2025-11-04T14:29:31.320Z

NVD

Status: Modified

Published: 2025-11-04T02:15:45.097

Modified: 2026-04-02T19:20:36.613

Link: CVE-2025-43380

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses