CVE-2019-8846

CWE-416Use After Free15 documents9 sources
Severity
8.8HIGH
EPSS
0.6%
top 31.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Apple Icloud FOR WindowsApple IOS AND IpadosApple Itunes FOR Windows+9 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages15 packages

CVEListV5apple/icloud_for_windowsunspecified10.9+1
CVEListV5apple/itunes_for_windowsunspecified12.10
NVDapple/icloud10.010.9+1
CVEListV5apple/tvosunspecified13.3
NVDapple/tvos< 13.3

🔴Vulnerability Details

3
GHSA
GHSA-69vj-962m-hmhv: A use after free issue was addressed with improved memory management2022-05-24
CVEList
CVE-2019-8846: A use after free issue was addressed with improved memory management2020-10-27
OSV
CVE-2019-8846: A use after free issue was addressed with improved memory management2020-10-27

📋Vendor Advisories

9
Ubuntu
WebKitGTK+ vulnerabilities2020-01-29
Red Hat
webkitgtk: Use after free issue may lead to remote code execution2020-01-23
Apple
CVE-2019-8846: iCloud for Windows 7.162019-12-11
Apple
CVE-2019-8846: iCloud for Windows 10.92019-12-11
Apple
CVE-2019-8846: iTunes 12.10.3 for Windows2019-12-11

💬Community

2
Bugzilla
CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution2020-03-24
Bugzilla
CVE-2019-8846 webkit2gtk3: webkitgtk: Use after free issue may lead to remote code execution [fedora-all]2020-03-24
CVE-2019-8846 (HIGH CVSS 8.8) | A use after free issue was addresse | cvebase.io