AI description
CVE-2024-44236 is an out-of-bounds access vulnerability affecting Apple's macOS. It exists within the parsing of ICC (International Color Consortium) profiles in macOS's Scriptable Image Processing System (sips). The vulnerability stems from improper validation of the "lutAToBType" and "lutBToAType" tag types within ICC Profile files, specifically when processing the "Offset to CLUT" field value. The vulnerability can be exploited if a user processes a maliciously crafted ICC Profile file. Successful exploitation could lead to unexpected app termination. The issue was addressed by improved bounds checking in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1.
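A defender-side structural check for the field named above, as an added example; it is not Apple's fix and not code from this page. The field positions (tag table at byte 128, "Offset to CLUT" at byte 24 of the tag, 20-byte CLUT header) are taken from the public ICC.1 specification. The rejection policy and the names `check_icc` and `build_sample` are this example's assumptions.

```python
import struct

# Layout facts below come from the public ICC.1 specification; the policy (reject any
# CLUT offset whose fixed 20-byte CLUT header does not fit in the tag) is this example's.
LUT_TYPES = (b"mAB ", b"mBA ")   # lutAToBType / lutBToAType type signatures
CLUT_OFF_FIELD = 24              # "Offset to CLUT" field position inside the tag
LUT_HEADER_LEN = 32              # fixed lutAToB/lutBToA header length
CLUT_HEADER_LEN = 20             # 16 grid-point bytes + precision byte + 3 pad bytes


def check_icc(data: bytes) -> list:
    """Return findings for lutAToB/lutBToA tags whose CLUT offset is out of bounds."""
    findings = []
    if len(data) < 132:
        return ["truncated: no ICC header / tag count"]
    (count,) = struct.unpack_from(">I", data, 128)
    for i in range(count):
        entry = 132 + 12 * i
        if entry + 12 > len(data):
            findings.append("tag table runs past end of file")
            break
        sig, off, size = struct.unpack_from(">4sII", data, entry)
        name = sig.decode("latin-1")
        if off + size > len(data):
            findings.append(f"{name}: tag data runs past end of file")
            continue
        tag = data[off:off + size]
        if tag[:4] not in LUT_TYPES:
            continue
        if size < LUT_HEADER_LEN:
            findings.append(f"{name}: tag shorter than the fixed header")
            continue
        (clut,) = struct.unpack_from(">I", tag, CLUT_OFF_FIELD)
        if clut == 0:            # zero means "no CLUT element present"
            continue
        if clut < LUT_HEADER_LEN or clut + CLUT_HEADER_LEN > size:
            findings.append(f"{name}: Offset to CLUT {clut} outside tag of {size} bytes")
    return findings


def build_sample(clut_offset: int, tag_size: int = 64) -> bytes:
    """Constructed minimal profile: one A2B0 tag of type 'mAB ' (not a real-world file)."""
    tag = bytearray(tag_size)
    tag[0:4] = b"mAB "
    struct.pack_into(">I", tag, CLUT_OFF_FIELD, clut_offset)
    table = struct.pack(">I4sII", 1, b"A2B0", 144, tag_size)
    return bytes(128) + table + bytes(tag)
```

A check like this can run as a pre-filter on untrusted profiles before they reach an image-processing pipeline; it flags malformed structure only and says nothing about whether a given host is patched.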
- Description: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
- Source: product-security@apple.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Severity: MEDIUM
- Hype score: Not currently trending
Critical #macOS vulnerability CVE-2024-44236 allows remote code execution via malicious ICC files. Update to the latest macOS versions immediately to stay protected. #CyberSecurity #Apple https://t.co/xqlhJaMsMt
@dailytechonx
8 May 2025
An analysis of CVE-2024-44236 - an RCE in macOS due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types. Read the details, see the source code review, and get detection guidance at https://t.co/w9r8RPClRD
@thezdi
7 May 2025
CVE-2024-44236 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously … https://t.co/e296m7RwoR
@CVEnew
28 Oct 2024
8 vulns in Apple October 2024 security releases: sips: CVE-2024-44236: RCE CVE-2024-44237: RCE CVE-2024-44279: info disc CVE-2024-44281: info disc CVE-2024-44283: info disc CoreText: CVE-2024-44240: info disc CVE-2024-44302: info disc Foundation: CVE-2024-44282: info disc
@hosselot
28 Oct 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012",
            "versionEndExcluding": "13.7.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE",
            "versionEndExcluding": "14.7.1",
            "versionStartIncluding": "14.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]