The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/125108 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/125110 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126254 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Jan 2026, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apple keynote
Apple iphone Os Apple ipados Apple Apple macos |
|
| CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:* |
|
| References | () https://support.apple.com/en-us/125108 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/125110 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126254 - Release Notes, Vendor Advisory |
29 Jan 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CWE | CWE-125 |
28 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-28 18:16
Updated : 2026-01-30 16:48
NVD link : CVE-2025-46306
Mitre link : CVE-2025-46306
CVE.ORG link : CVE-2025-46306
JSON object : View
Products Affected
apple
- iphone_os
- ipados
- keynote
- macos
CWE
CWE-125
Out-of-bounds Read