AI description
CVE-2025-43346 is an out-of-bounds access vulnerability in Apple products. It affects multiple operating systems, including tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. The vulnerability stems from processing a maliciously crafted media file, which can lead to unexpected app termination or corrupt process memory. The issue was addressed through improved bounds checking.
- Description
- An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- ipados, iphone_os, macos, tvos, visionos, watchos
CVSS 3.1
- Type
- Secondary
- Base score
- 6.2
- Impact score
- 3.6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-125
- Hype score
- Not currently trending
[ZDI-25-900|CVE-2025-43346] Apple macOS OGG Audio File Header Parsing Memory Corruption Remote Code Execution Vulnerability (CVSS 8.8; Credit: Hossein Lotfi (@hosselot) of Trend Zero Day Initiative) https://t.co/qvB3X7IJwi
@TheZDIBugs
18 Sept 2025
3403 Impressions
5 Retweets
31 Likes
9 Bookmarks
0 Replies
0 Quotes
CVE-2025-43346 Out-of-Bounds Access Vulnerability in Apple Operating Systems Enabling Memory Corruption https://t.co/LsHJY2kUfy
@VulmonFeeds
16 Sept 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43346 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Ta… https://t.co/7Y1pObt3Yb
@CVEnew
16 Sept 2025
505 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5006F7D9-931C-4C7A-960A-C46338855CBB",
"versionEndExcluding": "18.7"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "025344A4-9E22-44FD-AF62-67FE85D1C621",
"versionEndExcluding": "18.7"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94",
"versionEndExcluding": "26.0"
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD4D5965-C1B7-4C82-AB16-BA4D41F2FBCA",
"versionEndExcluding": "26.0"
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E33744A8-68C0-4822-B08E-100911C18404",
"versionEndExcluding": "26.0"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66CF3395-7CC9-41FD-8419-815AC6022191",
"versionEndExcluding": "26.0"
}
],
"operator": "OR"
}
]
}
]