What is CVE-2022-26740?

CVE-2022-26740 is an out-of-bounds write vulnerability in AVEVideoEncoder that has been addressed with improved bounds checking.

Which products are affected by CVE-2022-26740?

CVE-2022-26740 affects Apple tvOS up to version 15.5, macOS Monterey up to version 12.4, Apple iOS up to version 15.5, and Apple iPadOS up to version 15.5.

How severe is CVE-2022-26740?

The severity of CVE-2022-26740 depends on several factors such as the attacker's capabilities and the system's configuration, but since it has been addressed with improved bounds checking, it is recommended to update the affected software to the patched versions.

How can I fix CVE-2022-26740?

To fix CVE-2022-26740, you should update the affected software (tvOS, macOS Monterey, iOS, and iPadOS) to the patched versions (15.5 for tvOS and iOS, and 12.4 for macOS Monterey).

Where can I find more information about CVE-2022-26740?

You can find more information about CVE-2022-26740 on the Apple support page: [CVE-2022-26740](https://support.apple.com/en-us/HT213254).

Vulnerability/
CVE-2022-26740

critical

9.3

CWE

787

16/5/2022

26/5/2022

7/6/2022

CVE-2022-26740

First published: Mon May 16 2022(Updated: )

AVEVideoEncoder. An out-of-bounds write issue was addressed with improved bounds checking.

Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com

Affected Software	Affected Version	How to fix
Apple tvOS	<15.5	15.5
	<12.4	12.4
Apple iOS	<15.5	15.5
Apple iPadOS	<15.5	15.5
Apple iPadOS	<15.5
Apple iPhone OS	<15.5
Apple macOS	>=12.0<12.4
Apple tvOS	<15.5

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213254 (Advisory)
https://support.apple.com/en-us/HT213257 (Advisory)
https://support.apple.com/en-us/HT213258 (Advisory)
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213258

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2022-26702
CVE-2022-22675
CVE-2022-26724
CVE-2022-26736
CVE-2022-26737
CVE-2022-26738
CVE-2022-26739
CVE-2022-26740
CVE-2022-26763
CVE-2022-26711
CVE-2022-26701
CVE-2022-26768
CVE-2022-26771
CVE-2022-26714
CVE-2022-26757
CVE-2022-26764
CVE-2022-26765
CVE-2022-26706
CVE-2022-26775
CVE-2022-26708
CVE-2022-32790
CVE-2022-26776
CVE-2022-23308
CVE-2022-26766
CVE-2022-26700
CVE-2022-26709
CVE-2022-26710
CVE-2022-26717
CVE-2022-26716
CVE-2022-26719
CVE-2022-26745
CVE-2022-26772
CVE-2022-26741
CVE-2022-26742
CVE-2022-26749
CVE-2022-26750
CVE-2022-26752
CVE-2022-26753
CVE-2022-26754
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-26751
CVE-2022-26707
CVE-2022-26697
CVE-2022-26698
CVE-2022-32783
CVE-2022-26694
CVE-2022-26721
CVE-2022-26722
CVE-2022-32781
CVE-2022-26725
CVE-2022-26720
CVE-2022-26769
CVE-2022-26770
CVE-2022-26748
CVE-2022-26756
CVE-2022-26758
CVE-2022-26743
CVE-2022-26767
CVE-2022-32882
CVE-2022-0778
CVE-2022-48575
CVE-2022-32794
CVE-2022-22617
CVE-2022-26712
CVE-2022-26727
CVE-2022-32782
CVE-2022-26693
CVE-2022-26746
CVE-2022-26731
CVE-2022-26715
CVE-2022-26718
CVE-2022-26723
CVE-2022-26728
CVE-2022-26704
CVE-2022-42857
CVE-2022-26726
CVE-2022-26755
CVE-2022-26696
CVE-2022-22677
CVE-2022-26761
CVE-2022-26762
CVE-2022-0530
CVE-2018-25032
CVE-2021-45444
CVE-2022-26744
CVE-2022-22673
CVE-2022-26703
CVE-2022-26760
CVE-2015-4142

Frequently Asked Questions

What is CVE-2022-26740?
CVE-2022-26740 is an out-of-bounds write vulnerability in AVEVideoEncoder that has been addressed with improved bounds checking.
Which products are affected by CVE-2022-26740?
CVE-2022-26740 affects Apple tvOS up to version 15.5, macOS Monterey up to version 12.4, Apple iOS up to version 15.5, and Apple iPadOS up to version 15.5.
How severe is CVE-2022-26740?
The severity of CVE-2022-26740 depends on several factors such as the attacker's capabilities and the system's configuration, but since it has been addressed with improved bounds checking, it is recommended to update the affected software to the patched versions.
How can I fix CVE-2022-26740?
To fix CVE-2022-26740, you should update the affected software (tvOS, macOS Monterey, iOS, and iPadOS) to the patched versions (15.5 for tvOS and iOS, and 12.4 for macOS Monterey).
Where can I find more information about CVE-2022-26740?
You can find more information about CVE-2022-26740 on the Apple support page: [CVE-2022-26740](https://support.apple.com/en-us/HT213254).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/apple-support
alias/CVE-2022-26737
alias/CVE-2022-26738
alias/CVE-2022-26739
alias/CVE-2022-26740
agent/software-canonical-lookup-request
source/Apple
agent/software-canonical-lookup
collector/nvd-index
vendor/apple
canonical/apple tvos
canonical/apple macos monterey
canonical/apple ios
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0