CVE-2022-42846

MEDIUM EXPLOITED

iPadOS < 15.7.2 - Denial of Service via Maliciously Crafted Video File

Title source: llm

Exploitation Summary

CVE-2022-42846 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.

References (4)

Core 4

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213530

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213531

Mailing List, Third Party Advisory mailing-list

http://seclists.org/fulldisclosure/2022/Dec/20

Mailing List, Third Party Advisory mailing-list

http://seclists.org/fulldisclosure/2022/Dec/21

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2022-12-13

CWE

CWE-119

Status published

Products (2)

apple/ipados < 15.7.2

apple/iphone_os < 15.7.2

Published Dec 15, 2022

Tracked Since Feb 18, 2026