CVE-2022-22612

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow8 documents4 sources

Severity

7.8HIGH

EPSS

0.3%

top 48.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 18

Latest updateMar 19

Description

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5apple/tvosunspecified — 15.4+1

▶NVDapple/tvos< 15.4

▶CVEListV5apple/macosunspecified — 12.3

▶NVDapple/macos12.0 — 12.3

▶NVDapple/ipados< 15.4

🔴Vulnerability Details

GHSA

GHSA-8frx-qm3c-4j6p: A memory consumption issue was addressed with improved memory handling↗2022-03-19

▶

CVEList

CVE-2022-22612: A memory consumption issue was addressed with improved memory handling↗2022-03-18

▶

📋Vendor Advisories

Apple

CVE-2022-22612: watchOS 8.5↗2022-03-14

▶

Apple

CVE-2022-22612: tvOS 15.4↗2022-03-14

▶

Apple

CVE-2022-22612: iOS 15.4 and iPadOS 15.4↗2022-03-14

▶

Apple

CVE-2022-22612: macOS Monterey 12.3↗2022-03-14

▶

Apple

CVE-2022-22612: iTunes 12.12.3 for Windows↗2022-03-08

▶