Description
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. Parsing a maliciously crafted file may lead to an unexpected app termination.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw classified as CWE‑119, CWE‑125, and CWE‑787 in Apple’s operating systems leads to an unexpected termination of applications when they parse a specially crafted file. The error arises from improper bounds checking during memory handling, causing an out‑of‑bounds write or read that ultimately crashes the target app. Based on the description, it is inferred that no code execution or privilege escalation path exists; the primary consequence is a denial of service for the affected application.

Affected Systems

Apple’s mobile and desktop platforms—iOS, iPadOS, macOS, and visionOS—are impacted. Versions older than iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and visionOS 26.4 contain the vulnerability and have been fixed in the listed releases and later.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1 % suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local or requires delivery of a malicious file to the target device; an attacker would need to supply a crafted file that the target application parses. Because the fault results only in a crash, the risk is limited to denial of service rather than privilege escalation or data loss.

Generated by OpenCVE AI on May 11, 2026 at 23:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to iOS 18.7.7 or later
  • Update to iPadOS 18.7.7 or later
  • Update to macOS Sequoia 15.7.5 or later
  • Update to macOS Sonoma 14.8.5 or later
  • Update to visionOS 26.4 or later
  • Avoid opening or executing suspicious files that could trigger the crash

Generated by OpenCVE AI on May 11, 2026 at 23:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title File Parsing Bug Causes App Crash

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. Parsing a maliciously crafted file may lead to an unexpected app termination.
References

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title File Parsing Bug Causes App Crash

Thu, 26 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-125
CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Unexpected Application Crash via Malformed File Parsing on Apple Operating Systems
Weaknesses CWE-119
CWE-125

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Unexpected Application Crash via Malformed File Parsing on Apple Operating Systems
Weaknesses CWE-119
CWE-125

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Vendors & Products Apple
Apple ios And Ipados
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:58.857Z

Reserved: 2025-11-11T14:43:07.865Z

Link: CVE-2026-20657

cve-icon Vulnrichment

Updated: 2026-03-26T13:50:18.585Z

cve-icon NVD

Status : Modified

Published: 2026-03-25T01:17:04.847

Modified: 2026-05-11T21:18:50.170

Link: CVE-2026-20657

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:45:03Z

Weaknesses