CVE-2024-27831

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27831
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jun/5 Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214100 Vendor Advisory
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214105 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/en-us/HT214107 Vendor Advisory
https://support.apple.com/en-us/HT214108 Vendor Advisory
https://support.apple.com/kb/HT214100 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214105 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214107 Vendor Advisory
https://support.apple.com/kb/HT214108 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
History

03 Jul 2024, 01:51

Type Values Removed Values Added
CWE CWE-786

27 Jun 2024, 17:29

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jun/5 - () http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory
References () https://support.apple.com/en-us/HT214100 - () https://support.apple.com/en-us/HT214100 - Vendor Advisory
References () https://support.apple.com/en-us/HT214101 - () https://support.apple.com/en-us/HT214101 - Vendor Advisory
References () https://support.apple.com/en-us/HT214102 - () https://support.apple.com/en-us/HT214102 - Vendor Advisory
References () https://support.apple.com/en-us/HT214105 - () https://support.apple.com/en-us/HT214105 - Vendor Advisory
References () https://support.apple.com/en-us/HT214106 - () https://support.apple.com/en-us/HT214106 - Vendor Advisory
References () https://support.apple.com/en-us/HT214107 - () https://support.apple.com/en-us/HT214107 - Vendor Advisory
References () https://support.apple.com/en-us/HT214108 - () https://support.apple.com/en-us/HT214108 - Vendor Advisory
References () https://support.apple.com/kb/HT214100 - () https://support.apple.com/kb/HT214100 - Vendor Advisory
References () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214101 - Vendor Advisory
References () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214102 - Vendor Advisory
References () https://support.apple.com/kb/HT214105 - () https://support.apple.com/kb/HT214105 - Vendor Advisory
References () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214106 - Vendor Advisory
References () https://support.apple.com/kb/HT214107 - () https://support.apple.com/kb/HT214107 - Vendor Advisory
References () https://support.apple.com/kb/HT214108 - () https://support.apple.com/kb/HT214108 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Apple tvos
Apple macos
Apple iphone Os
Apple visionos
Apple
Apple ipados
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
CWE CWE-787

12 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jun/5 -

11 Jun 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema de escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. El procesamiento de un archivo puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario.

11 Jun 2024, 08:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214100 -
  • () https://support.apple.com/kb/HT214101 -
  • () https://support.apple.com/kb/HT214102 -
  • () https://support.apple.com/kb/HT214105 -
  • () https://support.apple.com/kb/HT214106 -
  • () https://support.apple.com/kb/HT214107 -

10 Jun 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-10 21:15

Updated : 2024-07-03 01:51

NVD link : CVE-2024-27831

Mitre link : CVE-2024-27831

CVE.ORG link : CVE-2024-27831

JSON object : View

Products Affected

apple

  • tvos
  • macos
  • ipados
  • iphone_os
  • visionos
CWE
CWE-787

Out-of-bounds Write

CWE-786

Access of Memory Location Before Start of Buffer