63 matches found
CVE-2017-7167
CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, and is rated high severity under CVSS 3.0 (local, exploitable with no user intera...
CVE-2019-8723
CVE-2019-8723 affects the ld64 component in Apple Xcode toolchains. The issue stems from insufficient input validation in ld64, enabling arbitrary code execution with user privileges when compiling code. The vulnerability is addressed by updating to Xcode 11.0, which includes ld64-507.4. Public d...
CVE-2019-8739
CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...
CVE-2019-8738
CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...
CVE-2025-43375
The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...
CVE-2025-43263
CVE-2025-43263 affects Apple Xcode (26), where sandbox checks are insufficient in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...
CVE-2025-43371
The CVE describes improper access control in Xcode, where insufficient sandbox checks could allow an app to break out of its sandbox. Reports converge on Xcode 26 fixes; remediation is to update to Xcode 26 or later. The vulnerability is characterized by a local attack vector with required user i...
CVE-2025-43370
CVE-2025-43370 affects Apple Xcode 26, where a path handling issue can crash a process when processing an oversized path. Apple addressed the issue with improved validation of path input in the Xcode 26 development tooling, and the fix is confirmed in the Xcode 26 release. Public sources across Red Hat, CNVD, NVD, and ...
CVE-2025-31186
CVE-2025-31186 affects Apple Xcode components (notably Playgrounds) where a permissions issue could allow an app to bypass Privacy preferences. Root cause: insufficient restrictions. Impact: potential exposure of private information or privacy policy circumvention, as described by multiple source...
CVE-2025-43504
CVE-2025-43504 is tied to an out-of-bounds write/buffer overflow in Apple's Xcode 26.1 (specifically the LLDB component per Apple’s security content) that can be triggered by a crafted input from a user in a privileged network position, potentially causing a denial-of-service. The CNVD/CNNVD ent...
CVE-2026-28890
CVE-2026-28890 describes an out-of-bounds read in Xcode that was addressed by improved bounds checking. Connected sources confirm the affected product is Xcode and indicate the fix is included in Xcode 26.4, with the impact stated as an app may terminate unexpectedly. The vulnerability details ac...
CVE-2025-43505
Apple Xcode 26.1 fixes CVE-2025-43505, an out-of-bounds write caused by insufficient input validation that could allow heap corruption when processing a maliciously crafted file. Affected product: Xcode (and LLDB noted in Apple advisory). Remediation: update to Xcode 26.1. Notes from connected so...
CVE-2026-28889
The CVE-2026-28889 entry pertains to Xcode prior to version 26.4, where a permissions issue could allow an app to read arbitrary files as root. The root cause is described as insufficient restrictions around permissions in the affected components, addressed with added restrictions. Apple’s advisory (Xcode 26.4) fixes the iss...