A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Apple
  • Ipados
  • Iphone Os
  • Macos
  • Tvos
  • Visionos
  • Watchos

Configuration 1 [-]

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://seclists.org/fulldisclosure/2024/Mar/21 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/22 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/23 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/24 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/25 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/26 cve-icon cve-icon
https://support.apple.com/en-us/HT214081 cve-icon cve-icon
https://support.apple.com/en-us/HT214082 cve-icon cve-icon
https://support.apple.com/en-us/HT214083 cve-icon cve-icon
https://support.apple.com/en-us/HT214084 cve-icon cve-icon
https://support.apple.com/en-us/HT214085 cve-icon cve-icon
https://support.apple.com/en-us/HT214086 cve-icon cve-icon
https://support.apple.com/en-us/HT214087 cve-icon cve-icon
https://support.apple.com/en-us/HT214088 cve-icon cve-icon
History

Fri, 14 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 09 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2025-02-13T17:39:30.696Z

Reserved: 2024-01-12T22:22:21.500Z

Link: CVE-2024-23286

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:32.209Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-08T02:15:49.973

Modified: 2024-12-09T14:46:04.583

Link: CVE-2024-23286

cve-icon Redhat

No data.