503 matches found
CVE-2025-43287
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory...
About the security content of iOS 16.7.12 and iPadOS 16.7.12
About the security content of iOS 16.7.12 and iPadOS 16.7.12 This document describes the security content of iOS 16.7.12 and iPadOS 16.7.12. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...
PT-2025-34787 · Jspdf · Jspdf
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2 Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service...
CVE-2025-43300
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in a...
CVE-2025-43300
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious imag...
CVE-2025-43300
CVE-2025-43300 is a critical memory-corruption vulnerability in Apple’s image-processing path (JPEG Lossless in RawCamera.bundle) triggered by a DNG/ TIFF metadata inconsistency. The root cause is a mismatch between TIFF SamplesPerPixel and the JPEG SOF3 component count, causing an out-of-bounds ...
CVE-2025-43300
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in a...
macOS 15.x < 15.6.1 (124927)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.6.1. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...
PT-2025-34177
Name of the Vulnerable Software and Affected Versions: Apple iOS, iPadOS, and macOS versions 15.6.1, 15.7, 15.8.5, 16.7.12, 17.7.10, and 18.6.2 are affected. Description: Apple has addressed a zero-day vulnerability CVE-2025-43300 in the ImageIO framework. This is an out-of-bounds write issue tha...
About the security content of macOS Sonoma 14.7.8
About the security content of macOS Sonoma 14.7.8 This document describes the security content of macOS Sonoma 14.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
About the security content of iOS 18.6.2 and iPadOS 18.6.2
About the security content of iOS 18.6.2 and iPadOS 18.6.2 This document describes the security content of iOS 18.6.2 and iPadOS 18.6.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
macOS 13.x < 13.7.8 (124929)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.7.8. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...
macOS 14.x < 14.7.8 (124928)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.8. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...
VulnCheck KEV: CVE-2025-43300
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious imag...
CVE-2025-43226
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may result in disclosure of process memory...
CVE-2025-43215
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may result in disclosure of process memory...
webkitgtk: processing a malicious image may lead to a denial of service
A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service...
Heap Based Buffer Overflow
Pillow is vulnerable to heap-based buffer overflow.. The vulnerability is due to writing into a buffer without checking for available space when saving a large 64k image in DDS format, which allows an attacker to trigger a heap buffer overflow by tricking the application into processing malicious...
CVE-2025-40663
Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...