CVE-2022-26711

CRITICAL

iTunes < 12.12.4 - Remote Code Execution via Integer Overflow


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26711. PoCs published by xpcmdshell.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2022-26711, an integer overflow vulnerability in Apple's ImageIO framework when parsing WebP images. The exploit demonstrates how a maliciously crafted WebP image can lead to arbitrary code execution in applications using ImageIO.

Description

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Exploits (1)

nomisec · WORKING POC · 3 stars
by xpcmdshell · poc
https://github.com/xpcmdshell/CVE-2022-26711


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple ImageIO framework (macOS Monterey < 12.4, iOS < 15.5, etc.)
Authentication: none needed
Prerequisites: A maliciously crafted WebP image · Target system running affected software
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Release Notes, Vendor Advisory (x_refsource_misc): https://support.apple.com/en-us/HT213258
Release Notes, Vendor Advisory (x_refsource_misc): https://support.apple.com/en-us/HT213253
Release Notes, Vendor Advisory (x_refsource_misc): https://support.apple.com/en-us/HT213254
Release Notes, Vendor Advisory (x_refsource_misc): https://support.apple.com/en-us/HT213257
Release Notes, Vendor Advisory (x_refsource_misc): https://support.apple.com/en-us/HT213259

Scores

CVSS v3: 9.8
EPSS: 0.0350
EPSS Percentile: 87.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-190
Status: published
Products (6)
apple/ipados < 15.5
apple/iphone_os < 15.5
apple/itunes < 12.12.4
apple/macos 12.0.0 - 12.4
apple/tvos < 15.5
apple/watchos < 8.6
Published: May 26, 2022
Tracked Since: Feb 18, 2026