7.8

CVE-2022-46694

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 15.7.2
AppleiPadOS Version >= 16.0 < 16.2
AppleiPhone OS Version < 15.7.2
AppleiPhone OS Version >= 16.0 < 16.2
AppletvOS Version < 16.2
ApplewatchOS Version < 9.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.183
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2022/Dec/21
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/20
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT213530
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213531
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213536
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT213535
Vendor Advisory
Release Notes