CVE-2022-22611

CWE-125: Out-of-bounds Read | 8 documents | 4 sources
Severity: 7.8 HIGH
EPSS: 0.6% (top 31.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18 | Latest update Mar 19

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (10 packages)

CVEListV5 | apple/tvos | unspecified | 15.4 | +1
NVD | apple/tvos | < 15.4
CVEListV5 | apple/macos | unspecified | 12.3
NVD | apple/macos | 12.0 | 12.3
NVD | apple/ipados | < 15.4

🔴 Vulnerability Details (2)

GHSA | GHSA-2v7v-cqmh-xjw2: An out-of-bounds read was addressed with improved input validation | 2022-03-19
CVEList | CVE-2022-22611: An out-of-bounds read was addressed with improved input validation | 2022-03-18

📋 Vendor Advisories (5)

Apple | CVE-2022-22611: iOS 15.4 and iPadOS 15.4 | 2022-03-14
Apple | CVE-2022-22611: macOS Monterey 12.3 | 2022-03-14
Apple | CVE-2022-22611: tvOS 15.4 | 2022-03-14
Apple | CVE-2022-22611: watchOS 8.5 | 2022-03-14
Apple | CVE-2022-22611: iTunes 12.12.3 for Windows | 2022-03-08
CVE-2022-22611 (HIGH CVSS 7.8) | An out-of-bounds read was addressed | cvebase.io