CVE-2019-8830

HIGH Year: 2019
CVSS v3 Score
8.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-125
View all →

Vulnerability Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

Related Vulnerabilities

CVE-2014-1497

HIGH
CVSS:8.8(High)

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sen...

CWE-1252014

CVE-2015-9381

HIGH
CVSS:8.8(High)

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

CWE-1252015

CVE-2016-10403

HIGH
CVSS:8.8(High)

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

CWE-1252016

CVE-2016-1646

HIGH
CVSS:8.8(High)

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to ca...

CWE-1252016

CVE-2016-3621

HIGH
CVSS:8.8(High)

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a c...

CWE-1252016

CVE-2016-5198

HIGH
CVSS:8.8(High)

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to ...

CWE-1252016