CVE-2022-42846
Published 2022-12-15
Priority P179 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.34% (25.3th percentile)
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.2 | 16.2 |
| apple | ios_and_ipados | >= unspecified < 15.7 | 15.7 |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
Detection & IOCs
- Trigger vector is a maliciously crafted video file parsed by the Graphics Driver component; monitor for unexpected system termination (kernel panics/crashes) following video file parsing on iOS/iPadOS devices
- Vulnerable component is the Graphics Driver on iOS/iPadOS; focus detection on Graphics Driver crash telemetry or sysdiagnose logs tied to video file ingestion
- Vulnerability is fixed in iOS 16.2/iPadOS 16.2 and iOS 15.7.2/iPadOS 15.7.2; devices running earlier versions remain exposed
CVSS provenance
- nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- vulncheck: 5.5 MEDIUM
Apple
CVE-2022-42846: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-42846 [MEDIUM] CVE-2022-42846: iOS 15.7.2 and iPadOS 15.7.2
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS 15.7.2 and iPadOS
Version: 15.7.2
CVE: CVE-2022-42846
Component: Graphics Driver
Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
Apple
CVE-2022-42846: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-42846 [MEDIUM] CVE-2022-42846: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-42846
Component: Graphics Driver
Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
GHSA
GHSA-7668-cr6w-9f3m: The issue was addressed with improved memory handling
ghsa_unreviewed·2022-12-15
CVE-2022-42846 [MEDIUM] CWE-119 GHSA-7668-cr6w-9f3m: The issue was addressed with improved memory handling
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.
VulnCheck
iOS and iPadOS Malicious Video File System Termination Vulnerability
vulncheck·2022·CVSS 5.5
CVE-2022-42846 [MEDIUM] iOS and iPadOS Malicious Video File System Termination Vulnerability
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://seclists.org/fulldisclosure/2022/Dec/20
- http://seclists.org/fulldisclosure/2022/Dec/21
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213531