CVE-2019-7285 — Use After Free in Apple iCloud for Windows
Severity
NVD: 8.8 HIGH
GHSA: 9.8
EPSS
1.3%
top 20.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 18
Latest update: May 24
Description
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 10 packages
Vulnerability Details (4)
GHSA
GHSA-vfpv-wm4r-vp6p: A use after free issue was addressed with improved memory management (2022-05-24)
CVEList
Vendor Advisories (8)
Community (9)
Bugzilla: CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (2019-06-21)
Bugzilla: CVE-2019-7285 CVE-2019-7292 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 mingw-webkitgtk: v (2019-06-11)
Bugzilla: CVE-2019-7285 mingw-webkitgtk: webkitgtk: crafted web content leads to arbitrary code execution [epel-7] (2019-06-11)
Bugzilla: CVE-2019-7285 mingw-webkitgtk3: webkitgtk: crafted web content leads to arbitrary code execution [epel-7] (2019-06-11)
Bugzilla: CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 webk (2019-06-11)