Vulnerabilities related to apple - garageband
Vulnerability from fkie_nvd
Published
2025-01-30 19:15
Modified
2025-03-18 16:06
Summary
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
Impacted products
Vendor Product Version
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08180A03-77F4-4F8B-98F7-8A38A931127E",
                     versionEndExcluding: "10.4.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.",
      },
      {
         lang: "es",
         value: "El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en GarageBand 10.4.12. El procesamiento de una imagen manipulado malintencionada puede provocar la ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2024-44142",
   lastModified: "2025-03-18T16:06:18.150",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2025-01-30T19:15:13.910",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
            "Release Notes",
         ],
         url: "https://support.apple.com/en-us/121866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
            "Release Notes",
         ],
         url: "http://seclists.org/fulldisclosure/2025/Feb/2",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-20 08:59
Modified
2024-11-21 03:23
Summary
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.
Impacted products
Vendor Product Version
apple logic_pro_x *
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:logic_pro_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3300DB0D-1E0C-4FB8-B342-865FF10B4336",
                     versionEndIncluding: "10.2.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F2AC9E6-E433-4187-8765-67960069853A",
                     versionEndIncluding: "10.1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en ciertos productos Apple. GarageBand en versiones anteriores a 10.1.5 está afectado. Logic Pro X en versiones anteriores a 10.3 está afectado. El problema involucra al componente \"Projects\", que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo GarageBand project manipulado.",
      },
   ],
   id: "CVE-2017-2372",
   lastModified: "2024-11-21T03:23:23.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-20T08:59:05.400",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95627",
      },
      {
         source: "product-security@apple.com",
         url: "http://www.securitytracker.com/id/1037627",
      },
      {
         source: "product-security@apple.com",
         url: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207476",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207477",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95627",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037627",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207476",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207477",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-18 18:15
Modified
2024-11-21 06:47
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Impacted products
Vendor Product Version
apple garageband *
apple logic_pro_x *
apple macos *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12589E8B-DD0A-4324-84D4-060E23DEC16C",
                     versionEndExcluding: "10.4.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:logic_pro_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFF30F8B-F84F-44F2-9BAB-03B00CC66E18",
                     versionEndExcluding: "10.7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9060C1B6-F101-46AE-8B08-6D6951304916",
                     versionEndExcluding: "12.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Se abordó un problema de lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en Logic Pro versión 10.7.3, GarageBand versión 10.4.6 y macOS Monterey versión 12.3. La apertura de un archivo diseñado de forma maliciosa puede conllevar a una finalización no esperada de la aplicación o una ejecución de código arbitrario",
      },
   ],
   id: "CVE-2022-22664",
   lastModified: "2024-11-21T06:47:13.880",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-18T18:15:15.080",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213183",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213190",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213183",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213191",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-03-12 21:15
Modified
2024-12-09 15:00
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Impacted products
Vendor Product Version
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ED0F012-D587-47C3-B97C-DC73B1C56CAC",
                     versionEndExcluding: "10.4.11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Se solucionó un problema de use-after-free con una gestión de memoria mejorada. Este problema se solucionó en GarageBand 10.4.11. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2024-23300",
   lastModified: "2024-12-09T15:00:30.860",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-03-12T21:15:58.077",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Mailing List",
         ],
         url: "http://seclists.org/fulldisclosure/2024/Mar/27",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT214090",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://seclists.org/fulldisclosure/2024/Mar/27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT214090",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
Impacted products
Vendor Product Version
apple garageband *
apple garageband 4.1.1
apple garageband 4.1.2
apple garageband 5.0
apple garageband 5.0.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0AA3FD0-0103-4584-8D1D-2D8A105354AB",
                     versionEndIncluding: "5.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:garageband:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B069491-5102-4BCB-8090-C3120898C14B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:garageband:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C261362F-E7A5-4C21-9D3E-550D30640AE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:garageband:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B16C1BB-7605-4B93-90E5-F480D71C2B45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:garageband:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EB160CA-FF32-4198-A06A-2AD26790A1DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.",
      },
      {
         lang: "es",
         value: "Apple GarageBand anterior a v5.1 reconfirura Safari aceptando todas las cookies sin importar el nombre de dominio, lo que hace que sea más sencillo para los servidores Web remotos seguir a los usuarios.",
      },
   ],
   id: "CVE-2009-2198",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-08-04T16:30:00.327",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/56738",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36114",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.apple.com/kb/HT3732",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35926",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022649",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2141",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/56738",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36114",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.apple.com/kb/HT3732",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35926",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022649",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-20 08:59
Modified
2024-11-21 03:23
Summary
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.
Impacted products
Vendor Product Version
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A55BDB7-FAA1-4C59-B266-31AD13890B8E",
                     versionEndIncluding: "10.1.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the \"Projects\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en ciertos productos Apple. GarageBand en versiones anteriores a 10.1.6 está afectado. El problema involucra al componente \"Projects\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo GarageBand project.",
      },
   ],
   id: "CVE-2017-2374",
   lastModified: "2024-11-21T03:23:23.927",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-20T08:59:05.463",
   references: [
      {
         source: "product-security@apple.com",
         url: "http://www.securityfocus.com/bid/96171",
      },
      {
         source: "product-security@apple.com",
         url: "http://www.securitytracker.com/id/1037868",
      },
      {
         source: "product-security@apple.com",
         url: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207518",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT207518",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-18 18:15
Modified
2024-11-21 06:47
Summary
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Impacted products
Vendor Product Version
apple garageband *
apple logic_pro_x *
apple macos *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12589E8B-DD0A-4324-84D4-060E23DEC16C",
                     versionEndExcluding: "10.4.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:logic_pro_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFF30F8B-F84F-44F2-9BAB-03B00CC66E18",
                     versionEndExcluding: "10.7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9060C1B6-F101-46AE-8B08-6D6951304916",
                     versionEndExcluding: "12.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Se abordó un problema de inicialización de la memoria con una administración de memoria mejorada. Este problema es corregido en Logic Pro versión 10.7.3, GarageBand versión 10.4.6 y macOS Monterey versión 12.3. La apertura de un archivo diseñado de forma maliciosa puede conllevar a una finalización no esperada de la aplicación o una ejecución de código arbitrario",
      },
   ],
   id: "CVE-2022-22657",
   lastModified: "2024-11-21T06:47:13.157",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-18T18:15:14.917",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213183",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213190",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213183",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213191",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-665",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-12-20 04:15
Modified
2025-01-06 14:20
Summary
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
Impacted products
Vendor Product Version
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78ED0789-F3CD-4105-A3FA-3DBE0705A9F9",
                     versionEndExcluding: "10.4.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.",
      },
      {
         lang: "es",
         value: "Este problema se solucionó con una validación mejorada de la autorización del proceso y la identificación del equipo. Este problema se solucionó en GarageBand 10.4.9. Es posible que una aplicación pueda obtener privilegios de superusuario.",
      },
   ],
   id: "CVE-2023-42867",
   lastModified: "2025-01-06T14:20:04.917",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-12-20T04:15:05.200",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/120299",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-281",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-08 15:15
Modified
2024-11-21 06:04
Summary
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.
Impacted products
Vendor Product Version
apple garageband *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B29EDFB0-9C20-42B4-B358-B5F6F2C05D33",
                     versionEndExcluding: "10.4.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.",
      },
      {
         lang: "es",
         value: "Se abordó este problema con la eliminación de derechos adicionales. Este problema es corregido en GarageBand versión 10.4.3. Un atacante local puede ser capaz de leer información confidencial",
      },
   ],
   id: "CVE-2021-30654",
   lastModified: "2024-11-21T06:04:22.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-08T15:15:12.937",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT212299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT212299",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2009-2198
Vulnerability from cvelistv5
Published
2009-08-04 16:13
Modified
2024-08-07 05:44
Severity ?
Summary
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/52248 — vdb-entry, x_refsource_XF
http://support.apple.com/kb/HT3732 — x_refsource_CONFIRM
http://osvdb.org/56738 — vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/35926 — vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/2141 — vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1022649 — vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/36114 — third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html — vendor-advisory, x_refsource_APPLE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:44:55.355Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "garageband-safari-info-disclosure(52248)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT3732",
               },
               {
                  name: "56738",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/56738",
               },
               {
                  name: "35926",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35926",
               },
               {
                  name: "ADV-2009-2141",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2141",
               },
               {
                  name: "1022649",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022649",
               },
               {
                  name: "36114",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36114",
               },
               {
                  name: "APPLE-SA-2009-08-03-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "garageband-safari-info-disclosure(52248)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT3732",
            },
            {
               name: "56738",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/56738",
            },
            {
               name: "35926",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35926",
            },
            {
               name: "ADV-2009-2141",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2141",
            },
            {
               name: "1022649",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022649",
            },
            {
               name: "36114",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36114",
            },
            {
               name: "APPLE-SA-2009-08-03-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-2198",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "garageband-safari-info-disclosure(52248)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
                  },
                  {
                     name: "http://support.apple.com/kb/HT3732",
                     refsource: "CONFIRM",
                     url: "http://support.apple.com/kb/HT3732",
                  },
                  {
                     name: "56738",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/56738",
                  },
                  {
                     name: "35926",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/35926",
                  },
                  {
                     name: "ADV-2009-2141",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2141",
                  },
                  {
                     name: "1022649",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022649",
                  },
                  {
                     name: "36114",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36114",
                  },
                  {
                     name: "APPLE-SA-2009-08-03-1",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-2198",
      datePublished: "2009-08-04T16:13:00",
      dateReserved: "2009-06-24T00:00:00",
      dateUpdated: "2024-08-07T05:44:55.355Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22657
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2024-08-03 03:21
Severity ?
Summary
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
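Impacted products
Note: the CNA record labels all three rows below as "macOS"; the 10.7 and 10.4 bounds appear to correspond to the Logic Pro 10.7.3 and GarageBand 10.4.6 fixes named in the summary, so match affected installs against the product names and full fixed versions in the summary rather than against these rows alone.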
Vendor Product Version
Apple macOS Version: unspecified   < 12.3
   Apple macOS Version: unspecified   < 10.7
   Apple macOS Version: unspecified   < 10.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:21:49.093Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213183",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213190",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213191",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "12.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-18T18:00:07",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213183",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213190",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213191",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2022-22657",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "12.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "10.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "10.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT213183",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213183",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213190",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213190",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213191",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213191",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2022-22657",
      datePublished: "2022-03-18T18:00:07",
      dateReserved: "2022-01-05T00:00:00",
      dateUpdated: "2024-08-03T03:21:49.093Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-30654
Vulnerability from cvelistv5
Published
2021-09-08 14:47
Modified
2024-08-03 22:40
Severity ?
Summary
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.
References
https://support.apple.com/en-us/HT212299 — x_refsource_MISC
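Impacted products
Note: the CNA record gives the upper bound as 10.4, while the summary names GarageBand 10.4.3 as the fixed release; GarageBand 10.4 releases earlier than 10.4.3 should therefore be treated as affected, even though a strict "< 10.4" match would exclude them.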
Vendor Product Version
Apple GarageBand Version: unspecified   < 10.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:40:31.895Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212299",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GarageBand",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "A local attacker may be able to read sensitive information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-08T14:47:18",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212299",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2021-30654",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "GarageBand",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "10.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "A local attacker may be able to read sensitive information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT212299",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212299",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2021-30654",
      datePublished: "2021-09-08T14:47:18",
      dateReserved: "2021-04-13T00:00:00",
      dateUpdated: "2024-08-03T22:40:31.895Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23300
Vulnerability from cvelistv5
Published
2024-03-12 20:33
Modified
2025-02-13 17:39
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Impacted products
Vendor Product Version
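Apple GarageBand Version: unspecified   < 10.4 (CNA bound; the CISA ADP entry in the same record gives lessThan 10.4.11, which matches the fixed release named in the summary)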


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:32.244Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT214090",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2024/Mar/27",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "garageband",
                  vendor: "apple",
                  versions: [
                     {
                        lessThan: "10.4.11",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "HIGH",
                     baseScore: 7.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-23300",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-03-13T16:07:44.877488Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-416",
                        description: "CWE-416 Use After Free",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-26T14:59:29.910Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "GarageBand",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T22:07:31.210Z",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               url: "https://support.apple.com/en-us/HT214090",
            },
            {
               url: "http://seclists.org/fulldisclosure/2024/Mar/27",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2024-23300",
      datePublished: "2024-03-12T20:33:32.246Z",
      dateReserved: "2024-01-12T22:22:21.502Z",
      dateUpdated: "2025-02-13T17:39:37.945Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-2372
Vulnerability from cvelistv5
Published
2017-02-20 08:35
Modified
2024-08-05 13:55
Severity ?
Summary
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T13:55:04.091Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT207476",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
               },
               {
                  name: "95627",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95627",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT207477",
               },
               {
                  name: "1037627",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037627",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-02-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-25T09:57:01",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT207476",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
            },
            {
               name: "95627",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95627",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT207477",
            },
            {
               name: "1037627",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037627",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2017-2372",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/HT207476",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/HT207476",
                  },
                  {
                     name: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
                     refsource: "MISC",
                     url: "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
                  },
                  {
                     name: "95627",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95627",
                  },
                  {
                     name: "https://support.apple.com/HT207477",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/HT207477",
                  },
                  {
                     name: "1037627",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037627",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2017-2372",
      datePublished: "2017-02-20T08:35:00",
      dateReserved: "2016-12-01T00:00:00",
      dateUpdated: "2024-08-05T13:55:04.091Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-42867
Vulnerability from cvelistv5
Published
2024-12-20 03:37
Modified
2024-12-27 18:33
Summary
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
Impacted products
Vendor Product Version
Apple GarageBand Version: unspecified   < 10.4.9


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "HIGH",
                     baseScore: 7.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-42867",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-27T18:32:15.459811Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-281",
                        description: "CWE-281 Improper Preservation of Permissions",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-27T18:33:22.148Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "GarageBand",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "An app may be able to gain root privileges",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-12-20T03:37:12.119Z",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               url: "https://support.apple.com/en-us/120299",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2023-42867",
      datePublished: "2024-12-20T03:37:12.119Z",
      dateReserved: "2023-09-14T19:05:11.453Z",
      dateUpdated: "2024-12-27T18:33:22.148Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22664
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2024-08-03 03:21
Severity ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Impacted products
Vendor Product Version
Apple macOS Version: unspecified   < 12.3
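   Apple macOS Version: unspecified   < 10.7 (the record labels this row macOS; the bound appears to correspond to the Logic Pro 10.7.3 fix named in the summary)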
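   Apple macOS Version: unspecified   < 10.4 (the record labels this row macOS; the bound appears to correspond to the GarageBand 10.4.6 fix named in the summary)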


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:21:48.980Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213183",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213190",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213191",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "12.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-18T18:00:09",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213183",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213190",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213191",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2022-22664",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "12.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "10.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "10.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT213183",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213183",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213190",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213190",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213191",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213191",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2022-22664",
      datePublished: "2022-03-18T18:00:09",
      dateReserved: "2022-01-05T00:00:00",
      dateUpdated: "2024-08-03T03:21:48.980Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-44142
Vulnerability from cvelistv5
Published
2025-01-30 18:49
Modified
2025-02-02 10:02
Summary
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
Impacted products
Vendor Product Version
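Apple GarageBand Version: unspecified   < 10.4 (bound as given in the CNA record; the summary names GarageBand 10.4.12 as the fixed release, so matching on "< 10.4" alone may miss affected 10.4.x builds)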


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "HIGH",
                     baseScore: 7.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-44142",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-31T20:02:56.518920Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-31T20:05:24.668Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-02-02T10:02:30.954Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://seclists.org/fulldisclosure/2025/Feb/2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GarageBand",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing a maliciously crafted image may lead to arbitrary code execution",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-30T18:49:12.899Z",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               url: "https://support.apple.com/en-us/121866",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2024-44142",
      datePublished: "2025-01-30T18:49:12.899Z",
      dateReserved: "2024-08-20T21:42:05.920Z",
      dateUpdated: "2025-02-02T10:02:30.954Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-2374
Vulnerability from cvelistv5
Published
2017-02-20 08:35
Modified
2024-08-05 13:55
Severity ?
Summary
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T13:55:04.084Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "96171",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96171",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT207518",
               },
               {
                  name: "1037868",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037868",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-02-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the \"Projects\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-24T12:57:01",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               name: "96171",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96171",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT207518",
            },
            {
               name: "1037868",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037868",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2017-2374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the \"Projects\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "96171",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96171",
                  },
                  {
                     name: "https://support.apple.com/HT207518",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/HT207518",
                  },
                  {
                     name: "1037868",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037868",
                  },
                  {
                     name: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
                     refsource: "MISC",
                     url: "http://www.talosintelligence.com/reports/TALOS-2017-0275/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2017-2374",
      datePublished: "2017-02-20T08:35:00",
      dateReserved: "2016-12-01T00:00:00",
      dateUpdated: "2024-08-05T13:55:04.084Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-201702-0885
Vulnerability from variot

An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. Apple has released updates for GarageBand and Logic Pro X. Opening a crafted GarageBand project file may result in arbitrary code execution. Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. CVE-2017-2372: Tyler Bohan of Cisco Talos

Installation note:

GarageBand 10.1.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYf8YgAAoJEIOj74w0bLRGWiQP+gNnna3Ha0pOdJr/u3LHf/tN tpX/lArjvo8ELpqb8wc5iCDXmSq7BgrnOV2T+XNI0XtE1md0xkQ3ttfTmSWB33Nh ylVaHytLC/Xy5JqOYjuD9NWwo9wBdT+/6m1jMymUvaSs+QS3wNn64v0gp75zGKBh UW9LJHDAAzfWui2rL2Rw3Iyuk2tGAO7QmEdTjfKZ7p+wcWjz3A61LYorVVxlZOO+ d6ir0mleQudZWB55hidm0z5d3x5GWhQ9jWWgI6fdD8DvEXrQfE60bnQZEMQzplgk bGE9ZPASl41Y3rzfLb8M5c7Rfth2sWijOOTDfGiIzaXBH293S6iyfzwONnoL9eTH WeR8Em4Dbp5YpMoMoEPUR+Bx2pOgZWAPbbErn4uvP8quC1DcKQ/WzObOb/m5XfE6 /jUvV6dI1f/jNutt9uzs/y54qzoQxJDQXm6lqWo0PvlMbEOiSWUlH0ierwMpxAaG dw1EjizczK9JoLseNc8YTAYyjEvhx7BMZuRiZjmHuHzfSaTvD4Gl/8w+KTEmsIkf V0R1F6IK6gFxRphHvfY2SkDVvgYk0eHCSXq9pkPDShElJR38Iu+a4vvXOjSGkOHL h2mAUdnNalF9zyyVX2oCfgHnxtuI8dvNQDHQjYS+xmcd00VmJm63WFgT72fOzVvP n5gdgHkBKUmF+lzYVHtj =4J27 -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0885",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "logic pro x",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "10.2.4",
         },
         {
            model: "garageband",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "10.1.4",
         },
         {
            model: "garageband",
            scope: "lt",
            trust: 0.8,
            vendor: "apple",
            version: "10.1.5 earlier",
         },
         {
            model: "logic pro x",
            scope: "lt",
            trust: 0.8,
            vendor: "apple",
            version: "10.3 earlier",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "10.1.4",
         },
         {
            model: "logic pro x",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "10.2.4",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10.5",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10.4",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10.3",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10.2",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.10.1",
         },
         {
            model: "logic pro",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.2",
         },
         {
            model: "logic pro",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.1",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "10.1",
         },
         {
            model: "logic pro",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "x10.3",
         },
         {
            model: "garageband",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "10.1.5",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:apple:garageband",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:logic_pro_x",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Tyler Bohan of Cisco Talos",
      sources: [
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2017-2372",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2017-2372",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-110575",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2017-2372",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2017-2372",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2017-2372",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201701-793",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-110575",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. Apple From GarageBand and Logic Pro X An update for has been released.Crafted GarageBand An arbitrary code may be executed by opening the project file. \nAttackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. \nCVE-2017-2372: Tyler Bohan of Cisco Talos\n\nInstallation note:\n\nGarageBand 10.1.5 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYf8YgAAoJEIOj74w0bLRGWiQP+gNnna3Ha0pOdJr/u3LHf/tN\ntpX/lArjvo8ELpqb8wc5iCDXmSq7BgrnOV2T+XNI0XtE1md0xkQ3ttfTmSWB33Nh\nylVaHytLC/Xy5JqOYjuD9NWwo9wBdT+/6m1jMymUvaSs+QS3wNn64v0gp75zGKBh\nUW9LJHDAAzfWui2rL2Rw3Iyuk2tGAO7QmEdTjfKZ7p+wcWjz3A61LYorVVxlZOO+\nd6ir0mleQudZWB55hidm0z5d3x5GWhQ9jWWgI6fdD8DvEXrQfE60bnQZEMQzplgk\nbGE9ZPASl41Y3rzfLb8M5c7Rfth2sWijOOTDfGiIzaXBH293S6iyfzwONnoL9eTH\nWeR8Em4Dbp5YpMoMoEPUR+Bx2pOgZWAPbbErn4uvP8quC1DcKQ/WzObOb/m5XfE6\n/jUvV6dI1f/jNutt9uzs/y54qzoQxJDQXm6lqWo0PvlMbEOiSWUlH0ierwMpxAaG\ndw1EjizczK9JoLseNc8YTAYyjEvhx7BMZuRiZjmHuHzfSaTvD4Gl/8w+KTEmsIkf\nV0R1F6IK6gFxRphHvfY2SkDVvgYk0eHCSXq9pkPDShElJR38Iu+a4vvXOjSGkOHL\nh2mAUdnNalF9zyyVX2oCfgHnxtuI8dvNQDHQjYS+xmcd00VmJm63WFgT72fOzVvP\nn5gdgHkBKUmF+lzYVHtj\n=4J27\n-----END PGP SIGNATURE-----\n\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "PACKETSTORM",
            id: "140631",
         },
         {
            db: "PACKETSTORM",
            id: "140630",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-2372",
            trust: 3,
         },
         {
            db: "BID",
            id: "95627",
            trust: 2,
         },
         {
            db: "TALOS",
            id: "TALOS-2016-0262",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1037627",
            trust: 1.1,
         },
         {
            db: "JVN",
            id: "JVNVU90290095",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "140631",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "140630",
            trust: 0.2,
         },
         {
            db: "SEEBUG",
            id: "SSVID-96570",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-110575",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "PACKETSTORM",
            id: "140631",
         },
         {
            db: "PACKETSTORM",
            id: "140630",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   id: "VAR-201702-0885",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:52:33.324000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT207477 (About the security content of GarageBand 10.1.5)",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT207477",
         },
         {
            title: "HT207476 (About the security content of Logic Pro X 10.3)",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT207476",
         },
         {
            title: "HT207476",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT207476",
         },
         {
            title: "HT207477",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT207477",
         },
         {
            title: "Apple Logic Pro X  and GarageBand Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67351",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/95627",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht207476",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht207477",
         },
         {
            trust: 1.1,
            url: "http://www.talosintelligence.com/reports/talos-2016-0262/",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id/1037627",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2372",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu90290095",
         },
         {
            trust: 0.8,
            url: "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2372",
         },
         {
            trust: 0.3,
            url: "https://www.apple.com/",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/kb/ht201222",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-2372",
         },
         {
            trust: 0.2,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.2,
            url: "https://gpgtools.org",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "PACKETSTORM",
            id: "140631",
         },
         {
            db: "PACKETSTORM",
            id: "140630",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            db: "BID",
            id: "95627",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            db: "PACKETSTORM",
            id: "140631",
         },
         {
            db: "PACKETSTORM",
            id: "140630",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-02-20T00:00:00",
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            date: "2017-01-18T00:00:00",
            db: "BID",
            id: "95627",
         },
         {
            date: "2017-01-23T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            date: "2017-01-20T01:45:28",
            db: "PACKETSTORM",
            id: "140631",
         },
         {
            date: "2017-01-20T01:43:41",
            db: "PACKETSTORM",
            id: "140630",
         },
         {
            date: "2017-01-20T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            date: "2017-02-20T08:59:05.400000",
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-07-26T00:00:00",
            db: "VULHUB",
            id: "VHN-110575",
         },
         {
            date: "2017-01-23T01:11:00",
            db: "BID",
            id: "95627",
         },
         {
            date: "2017-01-23T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
         {
            date: "2017-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
         {
            date: "2024-11-21T03:23:23.550000",
            db: "NVD",
            id: "CVE-2017-2372",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple GarageBand and  Logic Pro X Update for vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001056",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer overflow",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201701-793",
         },
      ],
      trust: 0.6,
   },
}

var-202109-1304
Vulnerability from variot

This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. An unspecified vulnerability exists in GarageBand. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1304",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "garageband",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.4.3",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "garageband",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.8,
            vendor: "アップル",
            version: "10.4.3",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   cve: "CVE-2021-30654",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-30654",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 1.9,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "VHN-390387",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.1,
                  vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2021-30654",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-30654",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-30654",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-30654",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-1090",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-390387",
                  trust: 0.1,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-30654",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. GarageBand Exists in unspecified vulnerabilities.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-30654",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041421",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-390387",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   id: "VAR-202109-1304",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T12:12:21.858000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT212299 Apple  Security update",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT212299",
         },
         {
            title: "Apple GarageBand Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147672",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht212299",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-30654",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041421",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-09-08T00:00:00",
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            date: "2021-09-08T00:00:00",
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            date: "2022-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            date: "2021-09-08T15:15:12.937000",
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-09-17T00:00:00",
            db: "VULHUB",
            id: "VHN-390387",
         },
         {
            date: "2021-09-17T00:00:00",
            db: "VULMON",
            id: "CVE-2021-30654",
         },
         {
            date: "2022-09-26T01:23:00",
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2021-09-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
         {
            date: "2021-09-17T16:33:57.803000",
            db: "NVD",
            id: "CVE-2021-30654",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-1090",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "GarageBand  Vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-013680",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
      ],
      trust: 0.6,
   },
}

var-202203-1363
Vulnerability from variot

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. An out-of-bounds read vulnerability exists in Logic Pro, GarageBand, and macOS Monterey. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3

Logic Pro X 10.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product Security PGP Key. Apple security documents reference vulnerabilities by CVE-ID when possible. CVE-2022-22664: Brandon Perry of Atredis Partners

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0K0ACgkQeC9qKD1p rhiYtRAAlDDCvQcngppXAoN6wi9/LHijQ2wag0a4XBnuWSN5TjGw+8KB6/rhm9vB JCA/sTxqmYJYOyNXkMSNPhMSYWB496pE6IsBFCVzskVQNH2olVhzeOePtrNh9Dlt vzGcZc9h/NftwneTOYL1k3ODOzaM2gCOOMy39sEUuhRVCi5Q3qaHhY6u82allZrj Vyl5v/WsVrHGGCCmv4vuX/l+jZCM6XyY8VzpCbi8hu7mHFPfqjr6+/fX908fODLO JL7FmD8L32XGar4suiYZ6vBt4naFIN9blOyECRVLj050nD6O5GlVON8xQEH9Y1OA A4pq2R42VgXNZwqCK8ucby8CwkGZEu04O5zKZ7d6801RKzlCvWl0s9dGvxLpOrqV rlTneI/dce09H6a4Gqq1y2fNE0p9GhRlW4YEg7wWhp9+C8LhRkfk9VNm+UM7X3/+ vAxqO7O8MIDVGZeSqD2SJiDkcJNYl6kltrb9Jh7Ul+GBX2Sk0csZ3LTot0tU5oQR Kg12ldpt/62oH8u9nDCoSFD0uwv3OBDX3RdjkoRDMzzVa8coCM/3ddMjKkB/S2zn /TpIOwHbPBkKfcH6CpLHVEw24sEPjUFORWhuOL8eSD/7qBWtM9a2rMKdDabVrwmN YCdKSBwEzCp0C3MY1qbATNYULN4kTzaylZHF0BVfosnmuc7NOaw=SgpZ -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1363",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "logic pro x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.7.3",
         },
         {
            model: "garageband",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.4.6",
         },
         {
            model: "macos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.3",
         },
         {
            model: "logic pro x",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "macos",
            scope: "eq",
            trust: 0.8,
            vendor: "アップル",
            version: "12.3",
         },
         {
            model: "garageband",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple",
      sources: [
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
      ],
      trust: 0.2,
   },
   cve: "CVE-2022-22664",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2022-22664",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.9,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-411292",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-22664",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22664",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-22664",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-22664",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202203-1240",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-411292",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22664",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. An out-of-bounds read vulnerability exists in Logic Pro, GarageBand, and macOS Monterey. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-8 Logic Pro X 10.7.3\n\nLogic Pro X 10.7.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product\nSecurity PGP Key. \nApple security documents reference vulnerabilities by CVE-ID when\npossible. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. 
\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0K0ACgkQeC9qKD1p\nrhiYtRAAlDDCvQcngppXAoN6wi9/LHijQ2wag0a4XBnuWSN5TjGw+8KB6/rhm9vB\nJCA/sTxqmYJYOyNXkMSNPhMSYWB496pE6IsBFCVzskVQNH2olVhzeOePtrNh9Dlt\nvzGcZc9h/NftwneTOYL1k3ODOzaM2gCOOMy39sEUuhRVCi5Q3qaHhY6u82allZrj\nVyl5v/WsVrHGGCCmv4vuX/l+jZCM6XyY8VzpCbi8hu7mHFPfqjr6+/fX908fODLO\nJL7FmD8L32XGar4suiYZ6vBt4naFIN9blOyECRVLj050nD6O5GlVON8xQEH9Y1OA\nA4pq2R42VgXNZwqCK8ucby8CwkGZEu04O5zKZ7d6801RKzlCvWl0s9dGvxLpOrqV\nrlTneI/dce09H6a4Gqq1y2fNE0p9GhRlW4YEg7wWhp9+C8LhRkfk9VNm+UM7X3/+\nvAxqO7O8MIDVGZeSqD2SJiDkcJNYl6kltrb9Jh7Ul+GBX2Sk0csZ3LTot0tU5oQR\nKg12ldpt/62oH8u9nDCoSFD0uwv3OBDX3RdjkoRDMzzVa8coCM/3ddMjKkB/S2zn\n/TpIOwHbPBkKfcH6CpLHVEw24sEPjUFORWhuOL8eSD/7qBWtM9a2rMKdDabVrwmN\nYCdKSBwEzCp0C3MY1qbATNYULN4kTzaylZHF0BVfosnmuc7NOaw=SgpZ\n-----END PGP SIGNATURE-----\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
      ],
      trust: 1.98,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22664",
            trust: 3.6,
         },
         {
            db: "PACKETSTORM",
            id: "166311",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "166310",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022031441",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-411292",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   id: "VAR-202203-1363",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:40:31.186000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT213191",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT213183",
         },
         {
            title: "Apple GarageBand  and Apple macOS Monterey Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=186365",
         },
         {
            title: "Apple: macOS Monterey 12.3",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180",
         },
         {
            title: "https://github.com/brandonprry/apple_midi",
            trust: 0.1,
            url: "https://github.com/brandonprry/apple_midi ",
         },
         {
            title: "About Me\nI’m currently looking for work!\nAbout this Page\nCurrent Employment / Main Projects\nPublications / Public Work\nEducation Information / Courses\nPast Employment / Internships / Works / Projects\nCompetition Participation\nCurrent Organizations\nPast Organizations\nEvents\nCredits",
            trust: 0.1,
            url: "https://github.com/koronkowy/koronkowy ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-RCE ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.1,
         },
         {
            problemtype: "Out-of-bounds read (CWE-125) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht213183",
         },
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht213190",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/en-us/ht213191",
         },
         {
            trust: 1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22664",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/166310/apple-security-advisory-2022-03-14-8.html",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022031441",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/166311/apple-security-advisory-2022-03-14-9.html",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22664/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22657",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/en-us/ht201222.",
         },
         {
            trust: 0.2,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/brandonprry/apple_midi",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/koronkowy/koronkowy",
         },
         {
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/kb/ht213183",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213190.",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213191.",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-03-18T00:00:00",
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            date: "2022-03-18T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            date: "2023-07-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            date: "2022-03-15T15:44:52",
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            date: "2022-03-15T15:45:07",
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            date: "2022-03-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            date: "2022-03-18T18:15:15.080000",
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-03-25T00:00:00",
            db: "VULHUB",
            id: "VHN-411292",
         },
         {
            date: "2022-03-25T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22664",
         },
         {
            date: "2023-07-27T01:48:00",
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
         {
            date: "2022-12-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
         {
            date: "2024-11-21T06:47:13.880000",
            db: "NVD",
            id: "CVE-2022-22664",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Out-of-bounds read vulnerability in multiple Apple products",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-008432",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-1240",
         },
      ],
      trust: 0.6,
   },
}

var-202203-1362
Vulnerability from variot

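A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. It may also result in a denial-of-service (DoS) state.

[Note: the Apple advisory quoted below is an abridged and re-wrapped excerpt, so the PGP signature at its end should not be expected to verify against this text. The only CVE credit line the excerpt retains names CVE-2022-22664, while this entry is for CVE-2022-22657; consult the advisory at the Apple link for the complete signed text.]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256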

APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3

Logic Pro X 10.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product Security PGP Key. Apple security documents reference vulnerabilities by CVE-ID when possible. CVE-2022-22664: Brandon Perry of Atredis Partners

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0K0ACgkQeC9qKD1p rhiYtRAAlDDCvQcngppXAoN6wi9/LHijQ2wag0a4XBnuWSN5TjGw+8KB6/rhm9vB JCA/sTxqmYJYOyNXkMSNPhMSYWB496pE6IsBFCVzskVQNH2olVhzeOePtrNh9Dlt vzGcZc9h/NftwneTOYL1k3ODOzaM2gCOOMy39sEUuhRVCi5Q3qaHhY6u82allZrj Vyl5v/WsVrHGGCCmv4vuX/l+jZCM6XyY8VzpCbi8hu7mHFPfqjr6+/fX908fODLO JL7FmD8L32XGar4suiYZ6vBt4naFIN9blOyECRVLj050nD6O5GlVON8xQEH9Y1OA A4pq2R42VgXNZwqCK8ucby8CwkGZEu04O5zKZ7d6801RKzlCvWl0s9dGvxLpOrqV rlTneI/dce09H6a4Gqq1y2fNE0p9GhRlW4YEg7wWhp9+C8LhRkfk9VNm+UM7X3/+ vAxqO7O8MIDVGZeSqD2SJiDkcJNYl6kltrb9Jh7Ul+GBX2Sk0csZ3LTot0tU5oQR Kg12ldpt/62oH8u9nDCoSFD0uwv3OBDX3RdjkoRDMzzVa8coCM/3ddMjKkB/S2zn /TpIOwHbPBkKfcH6CpLHVEw24sEPjUFORWhuOL8eSD/7qBWtM9a2rMKdDabVrwmN YCdKSBwEzCp0C3MY1qbATNYULN4kTzaylZHF0BVfosnmuc7NOaw=SgpZ -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1362",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "logic pro x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.7.3",
         },
         {
            model: "garageband",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.4.6",
         },
         {
            model: "macos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.3",
         },
         {
            model: "logic pro x",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "macos",
            scope: "eq",
            trust: 0.8,
            vendor: "アップル",
            version: "12.3",
         },
         {
            model: "garageband",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple",
      sources: [
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
      ],
      trust: 0.2,
   },
   cve: "CVE-2022-22657",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2022-22657",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.9,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-411285",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-22657",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22657",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-22657",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-22657",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202203-1251",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-411285",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22657",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-8 Logic Pro X 10.7.3\n\nLogic Pro X 10.7.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product\nSecurity PGP Key. \nApple security documents reference vulnerabilities by CVE-ID when\npossible. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0K0ACgkQeC9qKD1p\nrhiYtRAAlDDCvQcngppXAoN6wi9/LHijQ2wag0a4XBnuWSN5TjGw+8KB6/rhm9vB\nJCA/sTxqmYJYOyNXkMSNPhMSYWB496pE6IsBFCVzskVQNH2olVhzeOePtrNh9Dlt\nvzGcZc9h/NftwneTOYL1k3ODOzaM2gCOOMy39sEUuhRVCi5Q3qaHhY6u82allZrj\nVyl5v/WsVrHGGCCmv4vuX/l+jZCM6XyY8VzpCbi8hu7mHFPfqjr6+/fX908fODLO\nJL7FmD8L32XGar4suiYZ6vBt4naFIN9blOyECRVLj050nD6O5GlVON8xQEH9Y1OA\nA4pq2R42VgXNZwqCK8ucby8CwkGZEu04O5zKZ7d6801RKzlCvWl0s9dGvxLpOrqV\nrlTneI/dce09H6a4Gqq1y2fNE0p9GhRlW4YEg7wWhp9+C8LhRkfk9VNm+UM7X3/+\nvAxqO7O8MIDVGZeSqD2SJiDkcJNYl6kltrb9Jh7Ul+GBX2Sk0csZ3LTot0tU5oQR\nKg12ldpt/62oH8u9nDCoSFD0uwv3OBDX3RdjkoRDMzzVa8coCM/3ddMjKkB/S2zn\n/TpIOwHbPBkKfcH6CpLHVEw24sEPjUFORWhuOL8eSD/7qBWtM9a2rMKdDabVrwmN\nYCdKSBwEzCp0C3MY1qbATNYULN4kTzaylZHF0BVfosnmuc7NOaw=SgpZ\n-----END PGP SIGNATURE-----\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
      ],
      trust: 1.98,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22657",
            trust: 3.6,
         },
         {
            db: "PACKETSTORM",
            id: "166311",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "166310",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022031441",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-411285",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   id: "VAR-202203-1362",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:40:31.222000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT213191",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT213183",
         },
         {
            title: "Apple macOS Monterey Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=185753",
         },
         {
            title: "Apple: macOS Monterey 12.3",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180",
         },
         {
            title: "https://github.com/brandonprry/apple_midi",
            trust: 0.1,
            url: "https://github.com/brandonprry/apple_midi ",
         },
         {
            title: "About Me\nI’m currently looking for work!\nAbout this Page\nCurrent Employment / Main Projects\nPublications / Public Work\nEducation Information / Courses\nPast Employment / Internships / Works / Projects\nCompetition Participation\nCurrent Organizations\nPast Organizations\nEvents\nCredits",
            trust: 0.1,
            url: "https://github.com/koronkowy/koronkowy ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-RCE ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-665",
            trust: 1.1,
         },
         {
            problemtype: "Improper initialization (CWE-665) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht213183",
         },
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht213190",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/en-us/ht213191",
         },
         {
            trust: 1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22657",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/166310/apple-security-advisory-2022-03-14-8.html",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022031441",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/166311/apple-security-advisory-2022-03-14-9.html",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22657/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22664",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/en-us/ht201222.",
         },
         {
            trust: 0.2,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/665.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/brandonprry/apple_midi",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/koronkowy/koronkowy",
         },
         {
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/kb/ht213183",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213190.",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213191.",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-03-18T00:00:00",
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            date: "2022-03-18T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            date: "2023-07-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            date: "2022-03-15T15:44:52",
            db: "PACKETSTORM",
            id: "166310",
         },
         {
            date: "2022-03-15T15:45:07",
            db: "PACKETSTORM",
            id: "166311",
         },
         {
            date: "2022-03-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            date: "2022-03-18T18:15:14.917000",
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-03-25T00:00:00",
            db: "VULHUB",
            id: "VHN-411285",
         },
         {
            date: "2022-03-25T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22657",
         },
         {
            date: "2023-07-27T01:50:00",
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
         {
            date: "2022-12-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
         {
            date: "2024-11-21T06:47:13.157000",
            db: "NVD",
            id: "CVE-2022-22657",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Initialization vulnerability in multiple Apple products",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-008433",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-1251",
         },
      ],
      trust: 0.6,
   },
}

var-200908-0264
Vulnerability from variot

Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities. This issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is music production software from Apple.


TITLE: Apple GarageBand Web Activity Tracking Disclosure

SECUNIA ADVISORY ID: SA36114

VERIFY ADVISORY: http://secunia.com/advisories/36114/

DESCRIPTION: A security issue has been reported in GarageBand, which can be exploited by malicious people to gain knowledge of sensitive information.

The problem is caused by Safari's cookie preference being changed to always accept cookies when GarageBand is opened. This could allow third parties and advertisers to track a user's web activity.

SOLUTION: Update to version 5.1. http://support.apple.com/downloads/GarageBand_5_1

NOTE: Users who ran a previous version should also check that Safari's cookie preference is set as desired, since an earlier GarageBand launch may already have changed it.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT3732



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0264",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "garageband",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "4.1.2",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "5.0.1",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "5.0",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "4.1.1",
         },
         {
            model: "garageband",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "5.0.2",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.9,
            vendor: "apple",
            version: "5.0.2",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "v10.5.7",
         },
         {
            model: "garageband",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "5.1",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/o:apple:mac_os_x",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2009-2198",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2009-2198",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-39644",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2009-2198",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2009-2198",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200908-506",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-39644",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability. \nExploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities. \nThis issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is a set of music production software from Apple (Apple). ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple GarageBand Web Activity Tracking Disclosure\n\nSECUNIA ADVISORY ID:\nSA36114\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36114/\n\nDESCRIPTION:\nA security issue has been reported in GarageBand, which can be\nexploited by malicious people to gain knowledge of sensitive\ninformation. \n\nThe problem is caused due to Safari's preferences being changed to\nalways accept cookies when opening GarageBand. This could allow third\nparties and advertisers to track a user's web activity. \n\nSOLUTION:\nUpdate to version 5.1. \nhttp://support.apple.com/downloads/GarageBand_5_1\n\nNOTE: Users of previous versions should also check that their Safari\npreferences are set as desired. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. 
\n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT3732\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "PACKETSTORM",
            id: "79912",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2009-2198",
            trust: 2.8,
         },
         {
            db: "BID",
            id: "35926",
            trust: 2.8,
         },
         {
            db: "SECUNIA",
            id: "36114",
            trust: 2.6,
         },
         {
            db: "SECTRACK",
            id: "1022649",
            trust: 2.5,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-2141",
            trust: 2.5,
         },
         {
            db: "OSVDB",
            id: "56738",
            trust: 2.5,
         },
         {
            db: "XF",
            id: "52248",
            trust: 1.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
            trust: 0.7,
         },
         {
            db: "APPLE",
            id: "APPLE-SA-2009-08-03-1",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-39644",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "79912",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "PACKETSTORM",
            id: "79912",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   id: "VAR-200908-0264",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:27:52.292000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT3732",
            trust: 0.8,
            url: "http://support.apple.com/kb/HT3732",
         },
         {
            title: "HT3732",
            trust: 0.8,
            url: "http://support.apple.com/kb/HT3732?viewlocale=ja_JP",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-264",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "http://www.securityfocus.com/bid/35926",
         },
         {
            trust: 2.5,
            url: "http://osvdb.org/56738",
         },
         {
            trust: 2.5,
            url: "http://www.securitytracker.com/id?1022649",
         },
         {
            trust: 2.5,
            url: "http://secunia.com/advisories/36114",
         },
         {
            trust: 2.5,
            url: "http://www.vupen.com/english/advisories/2009/2141",
         },
         {
            trust: 1.8,
            url: "http://support.apple.com/kb/ht3732",
         },
         {
            trust: 1.7,
            url: "http://lists.apple.com/archives/security-announce/2009/aug/msg00000.html",
         },
         {
            trust: 1.4,
            url: "http://xforce.iss.net/xforce/xfdb/52248",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52248",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2198",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2198",
         },
         {
            trust: 0.3,
            url: "http://www.apple.com/ilife/garageband/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://support.apple.com/downloads/garageband_5_1",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/business_solutions/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/36114/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "PACKETSTORM",
            id: "79912",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            db: "PACKETSTORM",
            id: "79912",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-08-04T00:00:00",
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            date: "2009-08-03T00:00:00",
            db: "BID",
            id: "35926",
         },
         {
            date: "2009-09-04T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            date: "2009-08-05T08:42:40",
            db: "PACKETSTORM",
            id: "79912",
         },
         {
            date: "2009-08-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            date: "2009-08-04T16:30:00.327000",
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-08-17T00:00:00",
            db: "VULHUB",
            id: "VHN-39644",
         },
         {
            date: "2009-08-27T22:22:00",
            db: "BID",
            id: "35926",
         },
         {
            date: "2009-09-04T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-001971",
         },
         {
            date: "2009-08-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
         {
            date: "2024-11-21T01:04:21.900000",
            db: "NVD",
            id: "CVE-2009-2198",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple GarageBand Information Disclosure Vulnerability",
      sources: [
         {
            db: "BID",
            id: "35926",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
      ],
      trust: 0.9,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200908-506",
         },
      ],
      trust: 0.6,
   },
}

var-201702-0887
Vulnerability from variot

An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple has released updates for GarageBand and Logic Pro X. Arbitrary code may be executed by opening a crafted GarageBand project file. Apple GarageBand is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is music production software from Apple. A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-02-21-1 GarageBand 10.1.6

GarageBand 10.1.6 is now available and addresses the following:

Projects Available for: OS X Yosemite v10.10 or later Impact: Opening a maliciously crafted GarageBand Project file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2374: Tyler Bohan of Cisco Talos

Installation note:

GarageBand may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYrImXAAoJEIOj74w0bLRGyr0QAILapV0W5UfNAcFn8FeZIXKw H10/c+doJ41Y3QQH+4qo+Y0eMVlKLc8zkQk0Ocz+e3RYtScFCELVysX037qczPuW Znr9lvycMgpuYfIosWmde+1FF7nvSiN7RvAVRMBN4OIOmFT82h+vFxZf2Zeka4JL Ali8kh6uK3W3A8kNJiO0sM/r0G8nRf6OvgtH5YL9gjBc9e6J1m4upx4KEMPRlaiY Ykn7Y03gYk11LwTlB1Q5f+b88VTMtItPLadal3ICQONXGGBu6GyvjOLQVAxVvggn K4pgPRSDh/YvRlCcXl319sJigg+0Fa6gFk/NHcMI4YzOhxWHNUWDzrG721aJCRer 6YWcD6LgHsJODi8yp4yuJ3DbESh3WFiWS4ATVJThOuW8hATGhukbPHvwcoPaM3rN 5MLhImi9QpT2rE92DpQ5X0m/KzLdhOrgk3CnyR1aKmP2L2qD4ZbKlwdMwIKByxlW ypcv+C9BP31KcPLbLhsQGOuNb4NGeTbKv/yQvHB3KeN/w750WtMamT2CE8sFkPnu +X5wQk6pZi6e4Xc5nQbLkIHEPtZNo4O8qUoPPmaTsK6lwcvB1C5/09Zcfc3pOBy7 +Cp+6dimx/nbCcK4dW8QzIZIEd88hXhk9I441lBUGE4AMXU6l5npV/DaZTZOj6Ga b9ZTShls177KyTLSw0CW =gmwM -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0887",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "garageband",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "10.1.5",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.9,
            vendor: "apple",
            version: "10.1.5",
         },
         {
            model: "garageband",
            scope: "lt",
            trust: 0.8,
            vendor: "apple",
            version: "10.1.6 earlier",
         },
         {
            model: "logic pro x",
            scope: "lt",
            trust: 0.8,
            vendor: "apple",
            version: "10.3.1 earlier",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.12.2",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.12.1",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.6",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.3",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.2",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.1",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.12.3",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.5",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11.4",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.11",
         },
         {
            model: "logic pro",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.3",
         },
         {
            model: "logic pro",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.2",
         },
         {
            model: "logic pro",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.1",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "5.0.2",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "5.1",
         },
         {
            model: "garageband",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "10.1",
         },
         {
            model: "logic pro",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "x10.3.1",
         },
         {
            model: "garageband",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "10.1.6",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:apple:garageband",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:logic_pro_x",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Tyler Bohan of Cisco Talos",
      sources: [
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2017-2374",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2017-2374",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-110577",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2017-2374",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2017-2374",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2017-2374",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201702-650",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-110577",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the \"Projects\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple From GarageBand and Logic Pro X An update for has been released.Crafted GarageBand An arbitrary code may be executed by opening the project file. Apple GarageBand is prone to a memory-corruption vulnerability. \nAttackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is a set of music production software from Apple (Apple). A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-02-21-1 GarageBand 10.1.6\n\nGarageBand 10.1.6 is now available and addresses the following:\n\nProjects\nAvailable for:  OS X Yosemite v10.10 or later\nImpact: Opening a maliciously crafted GarageBand Project file may\nlead to arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2374: Tyler Bohan of Cisco Talos\n\nInstallation note:\n\nGarageBand may be obtained from the Mac App Store. 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYrImXAAoJEIOj74w0bLRGyr0QAILapV0W5UfNAcFn8FeZIXKw\nH10/c+doJ41Y3QQH+4qo+Y0eMVlKLc8zkQk0Ocz+e3RYtScFCELVysX037qczPuW\nZnr9lvycMgpuYfIosWmde+1FF7nvSiN7RvAVRMBN4OIOmFT82h+vFxZf2Zeka4JL\nAli8kh6uK3W3A8kNJiO0sM/r0G8nRf6OvgtH5YL9gjBc9e6J1m4upx4KEMPRlaiY\nYkn7Y03gYk11LwTlB1Q5f+b88VTMtItPLadal3ICQONXGGBu6GyvjOLQVAxVvggn\nK4pgPRSDh/YvRlCcXl319sJigg+0Fa6gFk/NHcMI4YzOhxWHNUWDzrG721aJCRer\n6YWcD6LgHsJODi8yp4yuJ3DbESh3WFiWS4ATVJThOuW8hATGhukbPHvwcoPaM3rN\n5MLhImi9QpT2rE92DpQ5X0m/KzLdhOrgk3CnyR1aKmP2L2qD4ZbKlwdMwIKByxlW\nypcv+C9BP31KcPLbLhsQGOuNb4NGeTbKv/yQvHB3KeN/w750WtMamT2CE8sFkPnu\n+X5wQk6pZi6e4Xc5nQbLkIHEPtZNo4O8qUoPPmaTsK6lwcvB1C5/09Zcfc3pOBy7\n+Cp+6dimx/nbCcK4dW8QzIZIEd88hXhk9I441lBUGE4AMXU6l5npV/DaZTZOj6Ga\nb9ZTShls177KyTLSw0CW\n=gmwM\n-----END PGP SIGNATURE-----\n\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "PACKETSTORM",
            id: "141290",
         },
         {
            db: "PACKETSTORM",
            id: "141291",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-2374",
            trust: 3,
         },
         {
            db: "BID",
            id: "96171",
            trust: 2,
         },
         {
            db: "TALOS",
            id: "TALOS-2017-0275",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1037868",
            trust: 1.1,
         },
         {
            db: "JVN",
            id: "JVNVU99002156",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "141290",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "141291",
            trust: 0.2,
         },
         {
            db: "SEEBUG",
            id: "SSVID-96572",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-110577",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "PACKETSTORM",
            id: "141290",
         },
         {
            db: "PACKETSTORM",
            id: "141291",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   id: "VAR-201702-0887",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T22:13:10.243000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT207519",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT207519",
         },
         {
            title: "HT207518",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT207518",
         },
         {
            title: "HT207519",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT207519",
         },
         {
            title: "HT207518",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT207518",
         },
         {
            title: "Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability",
            trust: 0.8,
            url: "http://blog.talosintelligence.com/2017/02/apple-garageband.html",
         },
         {
            title: "Apple GarageBand Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68180",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/96171",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht207518",
         },
         {
            trust: 1.1,
            url: "http://www.talosintelligence.com/reports/talos-2017-0275/",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id/1037868",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2374",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/vu/jvnvu99002156/index.html",
         },
         {
            trust: 0.8,
            url: "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2374",
         },
         {
            trust: 0.3,
            url: "https://www.apple.com/",
         },
         {
            trust: 0.3,
            url: "http://www.apple.com/in/mac/garageband/",
         },
         {
            trust: 0.3,
            url: "https://support.apple.com/en-us/ht207519",
         },
         {
            trust: 0.3,
            url: "https://support.apple.com/en-us/ht207518",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/kb/ht201222",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-2374",
         },
         {
            trust: 0.2,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.2,
            url: "https://gpgtools.org",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "PACKETSTORM",
            id: "141290",
         },
         {
            db: "PACKETSTORM",
            id: "141291",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            db: "BID",
            id: "96171",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            db: "PACKETSTORM",
            id: "141290",
         },
         {
            db: "PACKETSTORM",
            id: "141291",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-02-20T00:00:00",
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            date: "2017-02-13T00:00:00",
            db: "BID",
            id: "96171",
         },
         {
            date: "2017-02-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            date: "2017-02-24T01:20:10",
            db: "PACKETSTORM",
            id: "141290",
         },
         {
            date: "2017-02-24T01:22:37",
            db: "PACKETSTORM",
            id: "141291",
         },
         {
            date: "2017-02-22T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            date: "2017-02-20T08:59:05.463000",
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-07-25T00:00:00",
            db: "VULHUB",
            id: "VHN-110577",
         },
         {
            date: "2017-03-07T02:06:00",
            db: "BID",
            id: "96171",
         },
         {
            date: "2017-02-23T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
         {
            date: "2017-02-22T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
         {
            date: "2024-11-21T03:23:23.927000",
            db: "NVD",
            id: "CVE-2017-2374",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple GarageBand and Logic Pro X Update for vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-001449",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer overflow",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201702-650",
         },
      ],
      trust: 0.6,
   },
}