cbcvebase.
CVE-2019-8506
published 2019-12-18

CVE-2019-8506: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-25
Exploited in the wild
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected

22 ranges
VendorProductVersion rangeFixed in
appleicloud< 7.117.11
appleicloud_for_windows
appleicloud_for_windows>= unspecified < iCloud for Windows 7.11iCloud for Windows 7.11
appleios
appleios>= unspecified < iOS 12.2iOS 12.2
appleiphone_os< 12.212.2
appleitunes< 12.9.412.9.4
appleitunes_12.9.4_for_windows
appleitunes_for_windows>= unspecified < iTunes 12.9.4 for WindowsiTunes 12.9.4 for Windows
applesafari< 12.112.1
applesafari
applesafari>= unspecified < Safari 12.1Safari 12.1
appletvos< 12.212.2
appletvos
appletvos>= unspecified < tvOS 12.2tvOS 12.2
applewatchos< 5.25.2
applewatchos
applewatchos>= unspecified < watchOS 5.2watchOS 5.2
debianwebkit2gtk< webkit2gtk 2.24.1-1 (bookworm)webkit2gtk 2.24.1-1 (bookworm)
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_workstation

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vulncheck8.8HIGH
cisa8.8HIGH