What is CVE-2023-27949?

CVE-2023-27949 is a vulnerability in Model I/O that allows for an out-of-bounds read, which has been addressed with improved input validation.

What is the severity of CVE-2023-27949?

The severity of CVE-2023-27949 is high, with a severity value of 7.8.

How does CVE-2023-27949 affect Apple iOS?

CVE-2023-27949 affects Apple iOS versions up to and excluding 15.7.4, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.

How does CVE-2023-27949 affect Apple macOS?

CVE-2023-27949 affects Apple macOS versions between 12.0 and 12.6.4, as well as versions between 13.0 and 13.3, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.

How do I fix CVE-2023-27949?

CVE-2023-27949 is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4, and iPadOS 15.7.4. Update to the respective versions to address the vulnerability.

Vulnerability/
CVE-2023-27949

high

7.8

CWE

20 125

27/3/2023

8/5/2023

2/8/2024

CVE-2023-27949: Input Validation

First published: Mon Mar 27 2023(Updated: )

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Credit: Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iOS	<15.7.4	15.7.4
Apple iPadOS	<15.7.4	15.7.4
Apple Ipad Os	<15.7.4
Apple iPhone OS	<15.7.4
Apple macOS	>=12.0<12.6.4
Apple macOS	>=13.0<13.3
	<12.6.4	12.6.4
Apple macOS Ventura	<13.3	13.3

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213673 (Advisory)
https://support.apple.com/en-us/HT213670 (Advisory)
https://support.apple.com/en-us/HT213677 (Advisory)
https://support.apple.com/kb/HT213673

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-23541
CVE-2023-27961
CVE-2023-23543
CVE-2023-27936
CVE-2023-23537
CVE-2023-27956
CVE-2023-32366
CVE-2023-27928
CVE-2023-27946
CVE-2023-23535
CVE-2023-28200
CVE-2023-27941
CVE-2023-27969
CVE-2023-23536
CVE-2023-28185
CVE-2023-41075
CVE-2023-27949
CVE-2023-27950
CVE-2023-28182
CVE-2023-27963
CVE-2023-27954
CVE-2023-23529
CVE-2023-28198
CVE-2023-32358
CVE-2023-28201
CVE-2023-32436
CVE-2023-27968
CVE-2023-28209
CVE-2023-28210
CVE-2023-28211
CVE-2023-28212
CVE-2023-28213
CVE-2023-28214
CVE-2023-28215
CVE-2023-32356
CVE-2023-23532
CVE-2023-23527
CVE-2023-27931
CVE-2023-28179
CVE-2023-42830
CVE-2023-27951
CVE-2023-23534
CVE-2023-27955
CVE-2023-40398
CVE-2023-28181
CVE-2023-32426
CVE-2022-43551
CVE-2022-43552
CVE-2023-27934
CVE-2023-28180
CVE-2023-27935
CVE-2023-27953
CVE-2023-27958
CVE-2023-40433
CVE-2023-28190
CVE-2023-28195
CVE-2023-27937
CVE-2023-23526
CVE-2023-27939
CVE-2023-27947
CVE-2023-27948
CVE-2023-42862
CVE-2023-42865
CVE-2023-27929
CVE-2023-27957
CVE-2023-32378
CVE-2023-28187
CVE-2023-28199
CVE-2023-23514
CVE-2023-27933
CVE-2023-27943
CVE-2023-23525
CVE-2023-40383
CVE-2023-28189
CVE-2023-28197
CVE-2023-23538
CVE-2023-27962
CVE-2023-23523
CVE-2023-27942
CVE-2023-32362
CVE-2023-27952
CVE-2023-23533
CVE-2023-28178
CVE-2023-27966
CVE-2023-23542
CVE-2023-28192
CVE-2023-28188
CVE-2023-0049
CVE-2023-0051
CVE-2023-0054
CVE-2023-0288
CVE-2023-0433
CVE-2023-0512
CVE-2023-32370
CVE-2023-32435
CVE-2023-27932
CVE-2014-1745
CVE-2023-27944
CVE-2023-23540

Frequently Asked Questions

What is CVE-2023-27949?
CVE-2023-27949 is a vulnerability in Model I/O that allows for an out-of-bounds read, which has been addressed with improved input validation.
What is the severity of CVE-2023-27949?
The severity of CVE-2023-27949 is high, with a severity value of 7.8.
How does CVE-2023-27949 affect Apple iOS?
CVE-2023-27949 affects Apple iOS versions up to and excluding 15.7.4, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.
How does CVE-2023-27949 affect Apple macOS?
CVE-2023-27949 affects Apple macOS versions between 12.0 and 12.6.4, as well as versions between 13.0 and 13.3, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.
How do I fix CVE-2023-27949?
CVE-2023-27949 is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4, and iPadOS 15.7.4. Update to the respective versions to address the vulnerability.

collector/nvd-latest
agent/type
agent/first-publish-date
agent/weakness
agent/author
agent/severity
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/software-canonical-lookup
agent/description
collector/nvd-api
collector/nvd-index
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/references
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple ios
canonical/apple ipados
canonical/apple ipad os
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0
version/apple macos/13.0
canonical/apple macos ventura
canonical/apple macos monterey