CVE-2022-26711

critical

Description

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

References

https://support.apple.com/en-us/HT213257

https://support.apple.com/en-us/HT213254

https://support.apple.com/en-us/HT213253

https://support.apple.com/en-us/HT213258

https://support.apple.com/en-us/HT213259

Details

Source: MITRE

Published: 2022-05-26

Updated: 2022-06-07

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL