CVE-2019-8844

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow16 documents9 sources
Severity
8.8HIGH
EPSS
3.0%
top 13.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Apple Icloud FOR WindowsApple IOS AND IpadosApple Itunes FOR Windows+10 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages17 packages

CVEListV5apple/icloud_for_windowsunspecified10.9+1
CVEListV5apple/itunes_for_windowsunspecified12.10
NVDapple/icloud10.010.9+1
CVEListV5apple/tvosunspecified13.3
NVDapple/tvos< 13.3

🔴Vulnerability Details

3
GHSA
GHSA-278v-44j3-pqxv: Multiple memory corruption issues were addressed with improved memory handling2022-05-24
OSV
CVE-2019-8844: Multiple memory corruption issues were addressed with improved memory handling2020-10-27
CVEList
CVE-2019-8844: Multiple memory corruption issues were addressed with improved memory handling2020-10-27

📋Vendor Advisories

10
Ubuntu
WebKitGTK+ vulnerabilities2020-01-29
Red Hat
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2020-01-23
Apple
CVE-2019-8844: iCloud for Windows 10.92019-12-11
Apple
CVE-2019-8844: iTunes 12.10.3 for Windows2019-12-11
Apple
CVE-2019-8844: iCloud for Windows 7.162019-12-11

💬Community

2
Bugzilla
CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2020-03-24
Bugzilla
CVE-2019-8844 webkit2gtk3: webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution [fedora-all]2020-03-24
CVE-2019-8844 (HIGH CVSS 8.8) | Multiple memory corruption issues w | cvebase.io