CVE-2024-44236

Published Oct 28, 2024

Last updated 6 months ago

CVSS medium 5.5
Apple
macOS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-44236 is an out-of-bounds access vulnerability affecting Apple's macOS. It exists within the parsing of ICC (International Color Consortium) profiles in macOS's Scriptable Image Processing System (sips). The vulnerability stems from improper validation of the "lutAToBType" and "lutBToAType" tag types within ICC Profile files, specifically when processing the "Offset to CLUT" field value. The vulnerability can be exploited if a user processes a maliciously crafted ICC Profile file. Successful exploitation could lead to unexpected app termination. The issue was addressed by improved bounds checking in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1.

Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
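As an added illustration (not Apple's code; sips is closed source and its parser is not on this page), the C routine below parses a lutAToBType ("mAB ") tag and shows the kind of bounds checking on the "Offset to CLUT" field that the descriptions above say was missing. The tag layout is taken from the public ICC.1 specification: signature at byte 0, input and output channel counts at bytes 8 and 9, the CLUT offset (relative to the tag start) at byte 24, and a 20-byte CLUT header of 16 grid-point bytes, one precision byte and 3 padding bytes followed by the CLUT data. The sample tag is constructed here, and the error codes and helper names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout constants from ICC.1 for a lutAToBType tag (lutBToAType uses the same header). */
#define LUT_AB_HEADER_LEN 32u   /* signature, reserved, channels, five 32-bit offsets */
#define LUT_AB_OFF_CLUT   24u   /* position of the "offset to CLUT" field            */
#define CLUT_HEADER_LEN   20u   /* 16 grid-point bytes + precision byte + 3 padding  */
#define MAX_CHANNELS      16u
#define SAMPLE_TAG_LEN    76u   /* header + CLUT header + 24 data bytes (constructed) */

typedef enum {
    LUT_OK = 0, LUT_ERR_TRUNCATED, LUT_ERR_BAD_SIG,
    LUT_ERR_BAD_CHANNELS, LUT_ERR_BAD_OFFSET, LUT_ERR_BAD_CLUT, LUT_ERR_OVERFLOW
} lut_status;

typedef struct {
    uint8_t  in_channels, out_channels;
    uint32_t clut_offset;
    size_t   clut_data_len;   /* bytes of CLUT data validated to lie inside the tag */
} lut_ab_info;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Parse the tag held in tag[0..tag_len) and locate its CLUT without ever
 * dereferencing beyond tag_len. Every file-controlled value is checked
 * before it is used as an index or a size. */
lut_status parse_lut_ab(const uint8_t *tag, size_t tag_len, lut_ab_info *out)
{
    if (tag_len < LUT_AB_HEADER_LEN) return LUT_ERR_TRUNCATED;
    if (memcmp(tag, "mAB ", 4) != 0) return LUT_ERR_BAD_SIG;

    uint8_t in = tag[8], outc = tag[9];
    if (in == 0 || in > MAX_CHANNELS || outc == 0 || outc > MAX_CHANNELS)
        return LUT_ERR_BAD_CHANNELS;

    uint32_t clut_off = be32(tag + LUT_AB_OFF_CLUT);
    out->in_channels = in; out->out_channels = outc;
    out->clut_offset = clut_off; out->clut_data_len = 0;
    if (clut_off == 0) return LUT_OK;            /* CLUT element is optional */

    /* The offset must land after the header and leave room for the CLUT header.
     * Comparing in size_t (tag_len >= 32 > 20, so no underflow) avoids 32-bit wrap. */
    if (clut_off < LUT_AB_HEADER_LEN || (size_t)clut_off > tag_len - CLUT_HEADER_LEN)
        return LUT_ERR_BAD_OFFSET;

    const uint8_t *clut = tag + clut_off;
    uint8_t precision = clut[16];               /* 1 = 8-bit entries, 2 = 16-bit */
    if (precision != 1 && precision != 2) return LUT_ERR_BAD_CLUT;

    /* entries = product of grid points over the input channels, overflow-guarded */
    size_t entries = 1;
    for (unsigned i = 0; i < in; i++) {
        uint8_t g = clut[i];
        if (g < 2) return LUT_ERR_BAD_CLUT;      /* spec requires at least 2 grid points */
        if (entries > SIZE_MAX / g) return LUT_ERR_OVERFLOW;
        entries *= g;
    }
    if (entries > SIZE_MAX / outc / precision) return LUT_ERR_OVERFLOW;
    size_t data_len = entries * outc * precision;

    size_t avail = tag_len - clut_off - CLUT_HEADER_LEN;
    if (data_len > avail) return LUT_ERR_TRUNCATED;   /* data would run past the tag */

    out->clut_data_len = data_len;
    return LUT_OK;
}

/* Constructed sample tag: 3 in / 3 out channels, 2x2x2 CLUT with 8-bit entries
 * (8 * 3 * 1 = 24 data bytes). buf must hold SAMPLE_TAG_LEN bytes. The caller
 * chooses the CLUT offset so that bad values can be fed to the parser. */
size_t build_sample_tag(uint8_t *buf, uint32_t clut_offset)
{
    memset(buf, 0, SAMPLE_TAG_LEN);
    memcpy(buf, "mAB ", 4);
    buf[8] = 3; buf[9] = 3;
    put_be32(buf + LUT_AB_OFF_CLUT, clut_offset);
    uint8_t *clut = buf + LUT_AB_HEADER_LEN;
    clut[0] = clut[1] = clut[2] = 2;            /* grid points per input channel */
    clut[16] = 1;                               /* precision: 1 byte per entry   */
    for (int i = 0; i < 24; i++) clut[CLUT_HEADER_LEN + i] = (uint8_t)(i * 10);
    return SAMPLE_TAG_LEN;
}

int main(void)
{
    uint8_t buf[SAMPLE_TAG_LEN];
    lut_ab_info info;
    size_t n = build_sample_tag(buf, LUT_AB_HEADER_LEN);
    printf("valid offset    -> status %d, clut bytes %zu\n", parse_lut_ab(buf, n, &info), info.clut_data_len);
    n = build_sample_tag(buf, 0x7FFFFFF0u);      /* offset far beyond the tag */
    printf("oversize offset -> status %d\n", parse_lut_ab(buf, n, &info));
    return 0;
}
```

The two checks that matter for this CVE are the range test on `clut_off` before `tag + clut_off` is formed and the `data_len > avail` test before the CLUT data is touched; a parser that trusts the offset field reads wherever the file points it, which is the CWE-125 pattern the record lists.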
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-125 (Out-of-bounds Read)
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787 (Out-of-bounds Write)

Social media

Hype score
Not currently trending

Configurations