CVE-2024-44233

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44233
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/121563 Release Notes Vendor Advisory
https://support.apple.com/en-us/121565 Release Notes Vendor Advisory
https://support.apple.com/en-us/121566 Release Notes Vendor Advisory
https://support.apple.com/en-us/121567 Release Notes Vendor Advisory
https://support.apple.com/en-us/121568 Release Notes Vendor Advisory
https://support.apple.com/en-us/121569 Release Notes Vendor Advisory
https://support.apple.com/en-us/121570 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:18.0:-:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

04 Nov 2024, 22:35

Type Values Removed Values Added
Summary
  • (es) El problema se solucionó con comprobaciones de límites mejoradas. Este problema se solucionó en macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, iOS 18.1 y iPadOS 18.1. El análisis de un archivo de video creado con fines malintencionados puede provocar la finalización inesperada del sistema.
CWE CWE-120

04 Nov 2024, 14:42

Type Values Removed Values Added
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:18.0:-:*:*:*:*:*:*
First Time Apple ipados
Apple watchos
Apple visionos
Apple
Apple tvos
Apple macos
Apple iphone Os
References () https://support.apple.com/en-us/121563 - () https://support.apple.com/en-us/121563 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121565 - () https://support.apple.com/en-us/121565 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121566 - () https://support.apple.com/en-us/121566 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121567 - () https://support.apple.com/en-us/121567 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121568 - () https://support.apple.com/en-us/121568 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121569 - () https://support.apple.com/en-us/121569 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121570 - () https://support.apple.com/en-us/121570 - Release Notes, Vendor Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

01 Nov 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-01 21:15

Updated : 2024-11-04 22:35

NVD link : CVE-2024-44233

Mitre link : CVE-2024-44233

CVE.ORG link : CVE-2024-44233

JSON object : View

Products Affected

apple

  • macos
  • ipados
  • watchos
  • tvos
  • iphone_os
  • visionos
CWE
NVD-CWE-noinfo CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')