CVE-2024-44144

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121238	Release Notes Vendor Advisory
https://support.apple.com/en-us/121240	Release Notes Vendor Advisory
https://support.apple.com/en-us/121248	Release Notes Vendor Advisory
https://support.apple.com/en-us/121249	Release Notes Vendor Advisory
https://support.apple.com/en-us/121250	Release Notes Vendor Advisory
https://support.apple.com/en-us/121567	Release Notes Vendor Advisory
https://support.apple.com/en-us/121570	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/10
http://seclists.org/fulldisclosure/2024/Oct/12

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

02 Apr 2026, 19:18

Type	Values Removed	Values Added
Summary	(en) A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.	(en) A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.

03 Nov 2025, 22:18

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Oct/10 - () http://seclists.org/fulldisclosure/2024/Oct/12 -

29 Oct 2024, 17:34

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/121238 -~~	() https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121240 -~~	() https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121248 -~~	() https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121249 -~~	() https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121250 -~~	() https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121567 -~~	() https://support.apple.com/en-us/121567 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121570 -~~	() https://support.apple.com/en-us/121570 - Release Notes, Vendor Advisory
CPE		cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos::::::::
CWE		CWE-120
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Apple watchos Apple iphone Os Apple Apple tvos Apple macos Apple ipados

29 Oct 2024, 14:34

Type	Values Removed	Values Added
Summary		(es) Se solucionó un desbordamiento de búfer mejorando la validación de tamaño. Este problema se solucionó en iOS 17.7.1 y iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalización inesperada de la aplicación.

28 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-28 21:15

Updated : 2026-04-02 19:18

NVD link : CVE-2024-44144

Mitre link : CVE-2024-44144

CVE.ORG link : CVE-2024-44144

JSON object : View

Products Affected

apple

watchos
iphone_os
tvos
ipados
macos

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

5.5 /10