CVE-2014-4452Out-of-bounds Write in Apple Iphone OS

CWE-3997 documents4 sources
Severity
5.8MEDIUMNVD
NVD5.4OSV5.4
EPSS
1.1%
top 22.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple ItunesApple Safari+1 more
Timeline
PublishedNov 18
Latest updateMay 14

Description

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages5 packages

NVDapple/tvos6.07.0.2+10
NVDapple/itunes< 12.2
NVDapple/safari6.06.2.1+2
NVDapple/iphone_os8.08.1.1+4
Appleapple/itunes12.2

Patches

Patch: lists.apple.comPatch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

4
GHSA
GHSA-9vf8-v5m2-wmpf: WebKit, as used in Apple iOS before 82022-05-14
GHSA
GHSA-4p92-wj2w-jxx2: WebKit, as used in Apple iOS before 82022-05-14
OSV
CVE-2014-4452: WebKit, as used in Apple iOS before 82014-11-18
OSV
CVE-2014-4462: WebKit, as used in Apple iOS before 82014-11-18

📋Vendor Advisories

1
Apple
CVE-2014-4452: iTunes 12.2
CVE-2014-4452 — Out-of-bounds Write in Apple Iphone OS | cvebase