CVE-2014-1292Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.9%
top 25.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Tvos
Timeline
PublishedMar 14
Latest updateMay 14

Description

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDapple/tvos6.0.2+2
NVDapple/iphone_os7.0.6+6

🔴Vulnerability Details

6
GHSA
GHSA-hgf8-8w8h-57pw: WebKit, as used in Apple iOS before 72022-05-14
GHSA
GHSA-mx9q-pg4v-c3fj: WebKit, as used in Apple iOS before 72022-05-14
GHSA
GHSA-whfm-7ppq-w4cg: WebKit, as used in Apple iOS before 72022-05-14
GHSA
GHSA-xxcm-mh46-4jpv: WebKit, as used in Apple iOS before 72022-05-14
GHSA
GHSA-852r-57vg-pf7g: WebKit, as used in Apple iOS before 72022-05-14

📋Vendor Advisories

1
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-26

💬Community

3
Bugzilla
CVE-2014-1292 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-27
Bugzilla
CVE-2014-1299 CVE-2014-1298 CVE-2013-2927 CVE-2014-1297 CVE-2013-2871 CVE-2014-1292 CVE-2013-2875 webkitgtk4: various flaws [fedora-all]2015-01-27
Bugzilla
CVE-2013-2871 CVE-2014-1388 CVE-2014-1299 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1344 CVE-2014-1298 CVE-2013-2927 CVE-2014-1297 CVE-2014-1390 CVE-2014-1292 CVE-2014-1389 CVE-2015-01-12