CVE-2025-43400 - Vulnerability Details

- Out‑of‑Bounds Write in Font Processing Leads to Application Termination and Memory Corruption

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

Published: 2025-09-29

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out‑of‑bounds write in the font parsing component was addressed with improved bounds checking. The flaw can be triggered by processing a maliciously crafted font, leading to unexpected application termination or corruption of process memory. This weakness is categorized as CWE‑787, which can result in denial‑of‑service or, in some scenarios, give an attacker a foothold to execute code in the context of the affected application.

Affected Systems

The vulnerability affects Apple operating systems including iOS 18.7.1 and iOS 26.0.1, iPadOS 18.7.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, and watchOS 26.1. Devices running these OS versions could be impacted by loading a malicious font file.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity, and the EPSS score is less than 1 %, implying a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires local access to an application that processes fonts, making it a potential local privilege escalation or denial‑of‑service vector when a user opens a crafted font file.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 18.7.1
`0`	affected	< 26.0.1

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 14.8.1
`0`	affected	< 15.7.1
`0`	affected	< 26.0.1

Apple

tvOS

affected

Version	Status	Constraints
`0`	affected	< 26.1

Apple

visionOS

affected

Version	Status	Constraints
`0`	affected	< 26.0.1

Apple

watchOS

affected

Version	Status	Constraints
`0`	affected	< 26.1

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados:26.0:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:26.0:::::::*
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos:26.0:::::::*
	cpe:2.3:o:apple:visionos::::::::

No data.

Vendor	Product	Confidence	Versions
Apple	Ios	—	—
Apple	Ipados	—	—
Apple	Macos	—	—
Apple	Macos Sequoia	—	—
Apple	Macos Sonoma	—	—
Apple	Macos Tahoe	—	—
Apple	Visionos	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest official Apple update for the affected operating system – iOS 18.7.1 or 26.0.1, iPadOS 18.7.1 or 26.0.1, macOS Sequoia 15.7.1, Sonoma 14.8.1, Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, or watchOS 26.1.
Limit or vet the font files that applications can load, and consider disabling custom font installation when possible.
Apply and test any application‑level updates that add safer handling of font rendering or provide additional bounds checks.

Generated by OpenCVE AI on April 22, 2026 at 22:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-31597	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00163.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Sep/73
http://seclists.org/fulldisclosure/2025/Sep/76
http://seclists.org/fulldisclosure/2025/Sep/78
https://support.apple.com/en-us/125326
https://support.apple.com/en-us/125327
https://support.apple.com/en-us/125328
https://support.apple.com/en-us/125329
https://support.apple.com/en-us/125330
https://support.apple.com/en-us/125338
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125639

History

Wed, 22 Apr 2026 22:30:00 +0000

Type	Values Removed	Values Added
Title		Out‑of‑Bounds Write in Font Processing Leads to Application Termination and Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
References		https://support.apple.com/en-us/125326 https://support.apple.com/en-us/125327 https://support.apple.com/en-us/125328 https://support.apple.com/en-us/125329 https://support.apple.com/en-us/125330 https://support.apple.com/en-us/125338

Tue, 04 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Sep/73 http://seclists.org/fulldisclosure/2025/Sep/76

Tue, 04 Nov 2025 02:30:00 +0000

Type	Values Removed	Values Added
References	https://support.apple.com/en-us/125326 https://support.apple.com/en-us/125327 https://support.apple.com/en-us/125328 https://support.apple.com/en-us/125329 https://support.apple.com/en-us/125330 https://support.apple.com/en-us/125338

Tue, 04 Nov 2025 01:45:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
References		https://support.apple.com/en-us/125637 https://support.apple.com/en-us/125639

Mon, 03 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Sep/78

Tue, 30 Sep 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple iphone Os
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:ipados:26.0:::::::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:iphone_os:26.0:::::::* cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:macos:26.0:::::::* cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple iphone Os

Tue, 30 Sep 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios Apple ipados Apple macos Apple macos Sequoia Apple macos Sonoma Apple macos Tahoe Apple visionos
Vendors & Products		Apple Apple ios Apple ipados Apple macos Apple macos Sequoia Apple macos Sonoma Apple macos Tahoe Apple visionos

Mon, 29 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 29 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
References		https://support.apple.com/en-us/125326 https://support.apple.com/en-us/125327 https://support.apple.com/en-us/125328 https://support.apple.com/en-us/125329 https://support.apple.com/en-us/125330 https://support.apple.com/en-us/125338

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Macos Sonoma Macos Tahoe Visionos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-09-29T18:03:35.300Z

Updated: 2026-04-02T18:22:31.861Z

Reserved: 2025-04-16T15:24:37.119Z

Link: CVE-2025-43400

Vulnrichment

Updated: 2025-11-04T22:06:38.685Z

NVD

Status : Modified

Published: 2025-09-29T18:15:31.620

Modified: 2026-04-02T19:20:39.930

Link: CVE-2025-43400

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T22:15:26Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object