CVE-2023-42848

HIGH

Apple Ipad OS < 16.7.2 - Out-of-Bounds Write

Title source: rule

Description

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.

References (9)

Core 9

Core References

Vendor Advisory

https://support.apple.com/en-us/HT213981

Vendor Advisory

https://support.apple.com/en-us/HT213982

Vendor Advisory

https://support.apple.com/en-us/HT213984

Vendor Advisory

https://support.apple.com/en-us/HT213985

Vendor Advisory

https://support.apple.com/en-us/HT213987

Vendor Advisory

https://support.apple.com/en-us/HT213988

Vendor Advisory

https://support.apple.com/kb/HT213982

Vendor Advisory

https://support.apple.com/kb/HT213984

Vendor Advisory

https://support.apple.com/kb/HT213988

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122 CWE-787

Status published

Products (6)

apple/ipad_os < 16.7.2

apple/iphone_os < 16.7.2

apple/macos 14.0

apple/macos 13.0 - 13.6.1

apple/tvos < 17.1

apple/watchos < 10.1

Published Feb 21, 2024

Tracked Since Feb 18, 2026