First published: Tue Mar 07 2023(Updated: )
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution
Credit: Mickey Jin @patch1t Trend Micro product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple GarageB | ||
Apple for macOS | <10.4.8 | 10.4.8 |
Apple macOS | <10.4.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-27938.
The severity of CVE-2023-27938 is high with a CVSS score of 7.8.
The affected software is GarageBand for macOS 10.4.8.
Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution.
You can fix CVE-2023-27938 by updating to GarageBand for macOS 10.4.8.