
CVE-2024-40784: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS...

Description

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

Classification

CVE ID: CVE-2024-40784

Problem Types

Processing a maliciously crafted file may lead to unexpected app termination

Affected Products

Vendor: Apple

Product: iOS and iPadOS, macOS, watchOS, visionOS, tvOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.08% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-04-17 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-40784
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214116
https://support.apple.com/en-us/HT214120
https://support.apple.com/en-us/HT214124
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214123
https://support.apple.com/en-us/HT214122
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/23
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19

Timeline