CVE-2022-32907

Опубликовано: 01 нояб. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Ссылки

http://packetstormsecurity.com/files/169930/AppleAVD-AppleAVDUserClient-decodeFrameFig-Memory-Corruption.html
Third Party Advisory
VDB Entry
https://support.apple.com/en-us/HT213446
Vendor Advisory
https://support.apple.com/en-us/HT213486
Vendor Advisory
https://support.apple.com/en-us/HT213487
Vendor Advisory
http://packetstormsecurity.com/files/169930/AppleAVD-AppleAVDUserClient-decodeFrameFig-Memory-Corruption.html
Third Party Advisory
VDB Entry
https://support.apple.com/en-us/HT213446
Vendor Advisory
https://support.apple.com/en-us/HT213486
Vendor Advisory
https://support.apple.com/en-us/HT213487
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 16.0 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 16.0 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 9.0 (исключая)

EPSS

Процентиль: 34%

0.00136

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-269

Связанные уязвимости

GHSA-fj87-wrmx-mhhj