CVE-2017-5732 — Improper Authentication in Apple Macos Mojave

CWE-287 — Improper Authentication CWE-787 — Out-of-bounds Write7 documents4 sources

Severity

7.8HIGHGHSA

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Mojave

Timeline

PublishedOct 16

Latest updateApr 16

Description

edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c [REJECTED CVE] A vulnerability exists in EDK-2 within BaseUefiDecompressLib.c (MdePkg/Library/BaseUefiDecompressLib). An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation. Package: edk2 (Red Hat Enterprise Linux 8) - Not affected

Affected Packages1 packages

▶Appleapple/macos_mojave10.14

🔴Vulnerability Details

GHSA

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen↗2026-04-16

▶

GHSA

UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable↗2026-04-16

▶

📋Vendor Advisories

Red Hat

edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c↗2018-10-16

▶

Apple

CVE-2017-5732: macOS Mojave 10.14↗2018-09-24

▶

💬Community

Bugzilla

CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c [epel-all]↗2018-10-22

▶

Bugzilla

CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c [fedora-all]↗2018-10-22

▶

Bugzilla

CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c↗2018-10-22

▶