CVE-2022-22629

HIGH

macOS Monterey <12.3 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22629. PoCs published by lck0.

AI-analyzed exploit summary This PoC demonstrates a heap buffer overflow in Safari's WebGL implementation (CVE-2022-22629) by exploiting the WEBGL_multi_draw extension. It crashes the WebContent process by manipulating offsets and draw counts to render past buffer bounds.

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

nomisec WORKING POC

by lck0 · poc

https://github.com/lck0/CVE-2022-22629

View Code ZIP pw:eip

This PoC demonstrates a heap buffer overflow in Safari's WebGL implementation (CVE-2022-22629) by exploiting the WEBGL_multi_draw extension. It crashes the WebContent process by manipulating offsets and draw counts to render past buffer bounds.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Safari 15.0-15.3 (iOS/macOS)

No auth needed

Prerequisites: WebGL2 support · WEBGL_multi_draw extension availability

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →