Lucene search
JzhuZDI-23-650HistoryMay 17, 2023 - 12:00 a.m.
Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2023-05-1700:00:00
jzhu
www.zerodayinitiative.com
14
vulnerability
remote attackers
information disclosure
imageio framework
ktx image
allocated buffer
arbitrary code
0.001 Low
EPSS
Percentile
48.2%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO framework. Crafted data in a KTX image can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
References
Related
cve
cve
CVE-2023-23519
2023-02-27 20:15:14
nvd
nvd
CVE-2023-23519
2023-02-27 20:15:14
prion
prion
Memory corruption
2023-02-27 20:15:00
cvelist
cvelist
CVE-2023-23519
2023-02-27 00:00:00
nessus
nessus
Apple iOS < 16.3 Multiple Vulnerabilities (HT213606)
2023-01-25 00:00:00
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
2024-06-14 00:00:00
macOS 13.x < 13.2 Multiple Vulnerabilities (HT213605)
2023-01-24 00:00:00
apple
apple
About the security content of tvOS 16.3
2023-01-24 00:00:00
About the security content of watchOS 9.3
2023-01-23 00:00:00
About the security content of iOS 16.3 and iPadOS 16.3
2023-01-23 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT213603)
2023-01-25 00:00:00
Apple Mac OS X Security Update (HT213605)
2023-01-25 00:00:00