What is CVE-2022-26711?

CVE-2022-26711 is an integer overflow vulnerability in ImageIO that has been addressed with improved input validation.

Which products are affected by CVE-2022-26711?

The affected products include Apple watchOS up to version 8.6, Apple tvOS up to version 15.5, macOS Monterey up to version 12.4, iOS up to version 15.5, iPadOS up to version 15.5, and iTunes for Windows up to version 12.12.4.

How can I fix CVE-2022-26711?

To fix CVE-2022-26711, it is recommended to update the affected software to the latest available version provided by Apple.

What is the severity of CVE-2022-26711?

The severity of CVE-2022-26711 is not mentioned in the provided information.

Where can I find more information about CVE-2022-26711?

More information about CVE-2022-26711 can be found on the Apple support website at the following links: [support.apple.com/en-us/HT213254](support.apple.com/en-us/HT213254), [support.apple.com/en-us/HT213257](support.apple.com/en-us/HT213257), [support.apple.com/en-us/HT213258](support.apple.com/en-us/HT213258).

Vulnerability/
CVE-2022-26711

critical

9.8

CWE

20 190

16/5/2022

26/5/2022

3/8/2024

CVE-2022-26711: Input Validation

First published: Mon May 16 2022(Updated: )

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Credit: actae0n Blacksun Hackers Club working with Trend Micro Zero Day Initiativeactae0n Blacksun Hackers Club working with Trend Micro Zero Day Initiativeactae0n Blacksun Hackers Club working with Trend Micro Zero Day Initiativeactae0n Blacksun Hackers Club working with Trend Micro Zero Day Initiativeactae0n Blacksun Hackers Club working with Trend Micro Zero Day Initiative product-security@apple.com

Affected Software	Affected Version	How to fix
Apple watchOS	<8.6	8.6
Apple tvOS	<15.5	15.5
	<12.4	12.4
Apple iOS	<15.5	15.5
Apple iPadOS	<15.5	15.5
Apple iTunes for Windows	<12.12.4	12.12.4
Apple iTunes	<12.12.4
Apple iPadOS	<15.5
Apple iPhone OS	<15.5
Apple macOS	>=12.0.0<12.4
Apple tvOS	<15.5
Apple watchOS	<8.6

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213259 (Advisory)
https://support.apple.com/en-us/HT213253 (Advisory)
https://support.apple.com/en-us/HT213254 (Advisory)
https://support.apple.com/en-us/HT213257 (Advisory)
https://support.apple.com/en-us/HT213258 (Advisory)
https://support.apple.com/kb/HT213258

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2022-26751
CVE-2022-26711
CVE-2022-26774
CVE-2022-26773
CVE-2022-26717
CVE-2022-26702
CVE-2022-22675
CVE-2022-26763
CVE-2022-26768
CVE-2022-26771
CVE-2022-26714
CVE-2022-26757
CVE-2022-26764
CVE-2022-26765
CVE-2022-26706
CVE-2022-26775
CVE-2022-26708
CVE-2022-32790
CVE-2022-26776
CVE-2022-23308
CVE-2022-26766
CVE-2022-26726
CVE-2022-26700
CVE-2022-26709
CVE-2022-26710
CVE-2022-26716
CVE-2022-26719
CVE-2022-26745
CVE-2022-26724
CVE-2022-26736
CVE-2022-26737
CVE-2022-26738
CVE-2022-26739
CVE-2022-26740
CVE-2022-26701
CVE-2022-32781
CVE-2022-26744
CVE-2022-22673
CVE-2022-26731
CVE-2022-26703
CVE-2022-26704
CVE-2022-22677
CVE-2022-26760
CVE-2015-4142
CVE-2022-26762
CVE-2022-26772
CVE-2022-26741
CVE-2022-26742
CVE-2022-26749
CVE-2022-26750
CVE-2022-26752
CVE-2022-26753
CVE-2022-26754
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-26707
CVE-2022-26697
CVE-2022-26698
CVE-2022-32783
CVE-2022-26694
CVE-2022-26721
CVE-2022-26722
CVE-2022-26725
CVE-2022-26720
CVE-2022-26769
CVE-2022-26770
CVE-2022-26748
CVE-2022-26756
CVE-2022-26758
CVE-2022-26743
CVE-2022-26767
CVE-2022-32882
CVE-2022-0778
CVE-2022-48575
CVE-2022-32794
CVE-2022-22617
CVE-2022-26712
CVE-2022-26727
CVE-2022-32782
CVE-2022-26693
CVE-2022-26746
CVE-2022-26715
CVE-2022-26718
CVE-2022-26723
CVE-2022-26728
CVE-2022-42857
CVE-2022-26755
CVE-2022-26696
CVE-2022-26761
CVE-2022-0530
CVE-2018-25032
CVE-2021-45444

Frequently Asked Questions

What is CVE-2022-26711?
CVE-2022-26711 is an integer overflow vulnerability in ImageIO that has been addressed with improved input validation.
Which products are affected by CVE-2022-26711?
The affected products include Apple watchOS up to version 8.6, Apple tvOS up to version 15.5, macOS Monterey up to version 12.4, iOS up to version 15.5, iPadOS up to version 15.5, and iTunes for Windows up to version 12.12.4.
How can I fix CVE-2022-26711?
To fix CVE-2022-26711, it is recommended to update the affected software to the latest available version provided by Apple.
What is the severity of CVE-2022-26711?
The severity of CVE-2022-26711 is not mentioned in the provided information.
Where can I find more information about CVE-2022-26711?
More information about CVE-2022-26711 can be found on the Apple support website at the following links: [support.apple.com/en-us/HT213254](support.apple.com/en-us/HT213254), [support.apple.com/en-us/HT213257](support.apple.com/en-us/HT213257), [support.apple.com/en-us/HT213258](support.apple.com/en-us/HT213258).

collector/apple-support
agent/weakness
agent/type
agent/first-publish-date
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
agent/severity
agent/softwarecombine
agent/description
source/Apple
agent/software-canonical-lookup
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
vendor/apple
canonical/apple itunes for windows
canonical/apple watchos
canonical/apple itunes
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0.0
canonical/apple tvos
canonical/apple ios