CVE-2024-44126

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44126

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

T

he issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.

References
Link Resource
https://support.apple.com/en-us/121238 Release Notes Vendor Advisory
https://support.apple.com/en-us/121246 Release Notes Vendor Advisory
https://support.apple.com/en-us/121247 Release Notes Vendor Advisory
https://support.apple.com/en-us/121249 Release Notes Vendor Advisory
https://support.apple.com/en-us/121250 Release Notes Vendor Advisory
https://support.apple.com/en-us/121568 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/13
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
History

03 Nov 2025, 22:18

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Oct/13 -

29 Oct 2024, 17:35

Type Values Removed Values Added
CWE CWE-787
First Time Apple ipados
Apple iphone Os
Apple macos
Apple
Apple visionos
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/121238 - () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121246 - () https://support.apple.com/en-us/121246 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121247 - () https://support.apple.com/en-us/121247 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121249 - () https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121250 - () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121568 - () https://support.apple.com/en-us/121568 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

29 Oct 2024, 14:34

Type Values Removed Values Added
Summary
  • (es) El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 y iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar daños en el montón.

28 Oct 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-28 21:15

Updated : 2025-11-03 22:18

NVD link : CVE-2024-44126

Mitre link : CVE-2024-44126

CVE.ORG link : CVE-2024-44126

JSON object : View

Products Affected

apple

CWE
CWE-787

Out-of-bounds Write