CVE-2023-27929: Input Validation
First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
Credit: product-security@apple.com product-security@apple.com Meysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day Initiative
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <13.3 | 13.3 | |
| Apple tvOS | <16.4 | 16.4 |
| Apple iOS | <16.4 | 16.4 |
| Apple iPadOS | <16.4 | 16.4 |
| Apple watchOS | <9.4 | 9.4 |
| Apple iPadOS | <16.4 | |
| Apple iPhone OS | <16.4 | |
| Apple macOS | <13.3 | |
| Apple tvOS | <16.4 | |
| Apple watchOS | <9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213670 (Advisory)
- https://support.apple.com/en-us/HT213674 (Advisory)
- https://support.apple.com/en-us/HT213676 (Advisory)
- https://support.apple.com/en-us/HT213678 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32436
- CVE-2023-27968
- CVE-2023-28209
- CVE-2023-28210
- CVE-2023-28211
- CVE-2023-28212
- CVE-2023-28213
- CVE-2023-28214
- CVE-2023-28215
- CVE-2023-32356
- CVE-2023-23532
- CVE-2023-23527
- CVE-2023-27931
- CVE-2023-28179
- CVE-2023-42830
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-23543
- CVE-2023-23534
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-28181
- CVE-2023-32426
- CVE-2022-43551
- CVE-2022-43552
- CVE-2023-27934
- CVE-2023-28180
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-40433
- CVE-2023-28190
- CVE-2023-23537
- CVE-2023-28195
- CVE-2023-27956
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-23526
- CVE-2023-27928
- CVE-2023-27939
- CVE-2023-27947
- CVE-2023-27948
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-23535
- CVE-2023-27929
- CVE-2023-27946
- CVE-2023-27957
- CVE-2023-32378
- CVE-2023-28187
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-27969
- CVE-2023-27933
- CVE-2023-28200
- CVE-2023-27943
- CVE-2023-23525
- CVE-2023-40383
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27950
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-23523
- CVE-2023-27942
- CVE-2023-32362
- CVE-2023-27952
- CVE-2023-23533
- CVE-2023-28178
- CVE-2023-27966
- CVE-2023-27963
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-28188
- CVE-2023-0049
- CVE-2023-0051
- CVE-2023-0054
- CVE-2023-0288
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-32370
- CVE-2023-28198
- CVE-2023-32435
- CVE-2023-27932
- CVE-2023-27954
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-28201
- CVE-2023-27944
- CVE-2023-23528
- CVE-2023-28185
- CVE-2023-23541
- CVE-2023-23540
- CVE-2023-27959
- CVE-2023-27970
- CVE-2023-23494
- CVE-2023-32424
- CVE-2022-46724
- CVE-2023-28194
- CVE-2022-46725
- CVE-2022-46705
Frequently Asked Questions
What is CVE-2023-27929?
CVE-2023-27929 is a vulnerability in ImageIO that allows for an out-of-bounds read, resulting in the potential disclosure of process memory.
How does CVE-2023-27929 affect macOS Ventura?
CVE-2023-27929 affects macOS Ventura version 13.3 and earlier, but it is fixed in macOS Ventura 13.3.
Does CVE-2023-27929 impact iOS?
Yes, CVE-2023-27929 impacts iOS versions up to and including 16.4, but it is fixed in iOS 16.4.
How can I fix CVE-2023-27929 on my Apple device?
To fix CVE-2023-27929, update your device to the latest available version of the affected software, such as macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, watchOS 9.4, or tvOS 16.4.
What is the severity of CVE-2023-27929?
CVE-2023-27929 has a severity rating of medium, with a CVSS score of 5.5.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- collector/nvd-latest
- vendor/apple
- canonical/apple macos ventura
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple watchos
- canonical/apple iphone os
- canonical/apple macos