Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from insufficient memory handling in macOS's image processing subsystem. A maliciously crafted image can corrupt process memory, potentially causing application crashes or other unintended behavior. The weakness aligns with classic buffer overflow conditions outlined by CWE-119.

Affected Systems

Apple macOS systems running any version older than Sequoia 15.7.7, Sonoma 14.8.7, or Tahoe 26.5 are affected, as the patch was incorporated in those releases.

Risk and Exploitability

The CVSS score of 7.5 denotes High severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker would deliver a malicious image through user‑controllable inputs such as files, network traffic, or web content. No public exploit has been documented, but the lack of automatic mitigations means local or remote attackers capable of influencing image input could potentially exploit the flaw.

Generated by OpenCVE AI on May 13, 2026 at 00:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to the latest releases (Sequoia 15.7.7, Sonoma 14.8.7, or Tahoe 26.5) that include the memory‑handling fix.
  • Disallow the loading of untrusted images or route image processing through a sandboxed environment if possible.
  • If third‑party image libraries are in use, ensure they are updated to versions that address this issue.

Advisories

No advisories yet.

History

Wed, 13 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title Malicious Image Causing Memory Corruption in macOS Image Processing

Tue, 12 May 2026 23:30:00 +0000

Type Values Removed Values Added
Title Memory Corruption from Maliciously Crafted Image Processing in macOS
Weaknesses CWE-122
CWE-125

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Memory Corruption from Maliciously Crafted Image Processing in macOS
First Time appeared Apple
Apple macos
Weaknesses CWE-122
CWE-125
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T18:30:47.340Z

Reserved: 2026-04-07T19:58:20.173Z

Link: CVE-2026-39870

Vulnrichment

Updated: 2026-05-12T18:01:16.615Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:59.947

Modified: 2026-05-12T19:16:32.130

Link: CVE-2026-39870

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T01:00:23Z

Weaknesses