CVE-2024-44237

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121568	Vendor Advisory
https://support.apple.com/en-us/121570	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/11
http://seclists.org/fulldisclosure/2024/Oct/12
http://seclists.org/fulldisclosure/2024/Oct/13

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

03 Nov 2025, 22:18

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Oct/11 - () http://seclists.org/fulldisclosure/2024/Oct/12 - () http://seclists.org/fulldisclosure/2024/Oct/13 -

12 Dec 2024, 19:46

Type	Values Removed	Values Added
First Time		Apple Apple macos
References	~~() https://support.apple.com/en-us/121568 -~~	() https://support.apple.com/en-us/121568 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121570 -~~	() https://support.apple.com/en-us/121570 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 5.5
CWE		CWE-787
CPE		cpe:2.3:o:apple:macos::::::::

29 Oct 2024, 21:35

Type	Values Removed	Values Added
CWE		CWE-125
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

29 Oct 2024, 14:34

Type	Values Removed	Values Added
Summary		(es) Se solucionó un problema de acceso fuera de los límites con una comprobación de los límites mejorada. Este problema se solucionó en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalización inesperada de la aplicación.

28 Oct 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-28 22:15

Updated : 2025-11-03 22:18

NVD link : CVE-2024-44237

Mitre link : CVE-2024-44237

CVE.ORG link : CVE-2024-44237

JSON object : View

Products Affected

apple

macos

CWE

CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-44237", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-28T22:15:03.037", "references": [{"url": "https://support.apple.com/en-us/121568", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121570", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Oct/11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Oct/12", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Oct/13", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de acceso fuera de los l\u00edmites con una comprobaci\u00f3n de los l\u00edmites mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n."}], "lastModified": "2025-11-03T22:18:28.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938", "versionEndExcluding": "13.7.1", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE", "versionEndExcluding": "14.7.1", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}