Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Related CPE's

a

apple

safari

Vulnerable

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

fedoraproject

fedora

3

o

debian

debian_linux

2

References

http://seclists.org/fulldisclosure/2022/Oct/28

http://seclists.org/fulldisclosure/2022/Oct/39

http://seclists.org/fulldisclosure/2022/Oct/41

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/

https://security.gentoo.org/glsa/202305-32

https://support.apple.com/en-us/HT213442

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213445

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213446

Release NotesVendor Advisory

https://www.debian.org/security/2022/dsa-5240

Mailing ListThird Party Advisory

https://www.debian.org/security/2022/dsa-5241

Mailing ListThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-09-20T21:15:11.037

2 years ago

Last modified

2023-05-30T06:15:19.837

2 years ago