CVE-2016-1847Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer Dereference9 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedMay 20
Latest updateJun 18

Description

OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDapple/tvos< 9.2.1
NVDapple/watchos< 2.2.1
Appleapple/tvos9.2.1
Appleapple/watchos2.2.1
NVDapple/mac_os_x< 10.11.5

🔴Vulnerability Details

1
GHSA
GHSA-3x4h-c58x-6jxv: OpenGL, as used in Apple iOS before 92022-05-14

📋Vendor Advisories

5
Red Hat
kernel: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs2025-06-18
Apple
CVE-2016-1847: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple
CVE-2016-1847: iOS 9.3.2
Apple
CVE-2016-1847: watchOS 2.2.1
Apple
CVE-2016-1847: tvOS 9.2.1

🕵️Threat Intelligence

2
Unit42
Palo Alto Networks Researchers Uncover Critical Apple Product Vulnerabilities2016-06-02
Unit42
Palo Alto Networks Researchers Uncover Critical Apple Product Vulnerabilities2016-06-02