Details of VAR-202207-1499

ID

VAR-202207-1499

CVE

CVE-2022-32841

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018210

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability that stems from a boundary condition in ImageIO. A remote attacker could create a specially crafted file to trick the victim into opening it, triggering an out-of-bounds read error and reading the contents of memory on the system. The vulnerability could allow a remote attacker to obtain potentially sensitive information. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32841 // JVNDB: JVNDB-2022-018210 // VULHUB: VHN-424930 // VULMON: CVE-2022-32841

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	8.7	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.7	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018210 // NVD: CVE-2022-32841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32841
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-32841
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-2096
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-32841
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32841
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018210 // CNNVD: CNNVD-202207-2096 // NVD: CVE-2022-32841

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018210 // NVD: CVE-2022-32841

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2096

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2096

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213340	Trust: 0.8
title:	Multiple Apple product Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209251	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-32841 // JVNDB: JVNDB-2022-018210 // CNNVD: CNNVD-202207-2096

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32841	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-018210	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-2096	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.3563	Trust: 0.6
db:	CS-HELP	id:	SB2022072106	Trust: 0.6
db:	CS-HELP	id:	SB2022072107	Trust: 0.6
db:	CNVD	id:	CNVD-2022-71995	Trust: 0.1
db:	VULHUB	id:	VHN-424930	Trust: 0.1
db:	VULMON	id:	CVE-2022-32841	Trust: 0.1

sources: VULHUB: VHN-424930 // VULMON: CVE-2022-32841 // JVNDB: JVNDB-2022-018210 // CNNVD: CNNVD-202207-2096 // NVD: CVE-2022-32841

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213340	Trust: 1.7
url:	https://support.apple.com/en-us/ht213342	Trust: 1.7
url:	https://support.apple.com/en-us/ht213345	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32841	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32841/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3563	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072107	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072106	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424930 // VULMON: CVE-2022-32841 // JVNDB: JVNDB-2022-018210 // CNNVD: CNNVD-202207-2096 // NVD: CVE-2022-32841

SOURCES

db:	VULHUB	id:	VHN-424930
db:	VULMON	id:	CVE-2022-32841
db:	JVNDB	id:	JVNDB-2022-018210
db:	CNNVD	id:	CNNVD-202207-2096
db:	NVD	id:	CVE-2022-32841

LAST UPDATE DATE

2024-08-14T12:56:14.193000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424930	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-018210	date:	2023-10-19T03:11:00
db:	CNNVD	id:	CNNVD-202207-2096	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-32841	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424930	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-018210	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202207-2096	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32841	date:	2022-09-23T19:15:13.420