CVE-2023-32372: Input Validation
First published: Thu May 18 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.
Credit: Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedes product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.5 | 16.5 |
| Apple iPadOS | <16.5 | 16.5 |
| <13.4 | 13.4 | |
| Apple tvOS | <16.5 | 16.5 |
| Apple watchOS | <9.5 | 9.5 |
| Apple iPadOS | <16.5 | |
| Apple iPhone OS | <16.5 | |
| Apple macOS | >=13.0<13.4 | |
| Apple tvOS | <16.5 | |
| Apple watchOS | <9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213757 (Advisory)
- https://support.apple.com/en-us/HT213758 (Advisory)
- https://support.apple.com/en-us/HT213761 (Advisory)
- https://support.apple.com/en-us/HT213764 (Advisory)
- https://support.apple.com/kb/HT213761
- https://support.apple.com/kb/HT213758
- https://support.apple.com/kb/HT213764
- https://support.apple.com/kb/HT213757
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32400
- CVE-2023-34352
- CVE-2023-32411
- CVE-2023-32399
- CVE-2023-28191
- CVE-2023-32392
- CVE-2023-32372
- CVE-2023-32384
- CVE-2023-32354
- CVE-2023-32420
- CVE-2023-27930
- CVE-2023-32398
- CVE-2023-32413
- CVE-2023-32352
- CVE-2023-32428
- CVE-2023-32407
- CVE-2023-32368
- CVE-2023-32403
- CVE-2023-32437
- CVE-2023-32390
- CVE-2023-32357
- CVE-2023-32432
- CVE-2023-32391
- CVE-2023-32404
- CVE-2023-32394
- CVE-2023-32422
- CVE-2023-32376
- CVE-2023-28202
- CVE-2023-32412
- CVE-2023-32408
- CVE-2023-32415
- CVE-2023-32402
- CVE-2023-32423
- CVE-2023-32409
- CVE-2023-28204
- CVE-2023-32373
- CVE-2023-32389
- CVE-2023-32388
- CVE-2023-32379
- CVE-2023-32383
- CVE-2023-32371
- CVE-2023-32386
- CVE-2023-32360
- CVE-2023-32387
- CVE-2023-32414
- CVE-2023-32417
- CVE-2023-32410
- CVE-2023-27940
- CVE-2023-29469
- CVE-2023-42869
- CVE-2023-32369
- CVE-2023-32405
- CVE-2023-42958
- CVE-2023-32375
- CVE-2023-32382
- CVE-2023-32380
- CVE-2023-32355
- CVE-2023-32385
- CVE-2023-32395
- CVE-2023-32401
- CVE-2023-32363
- CVE-2023-32367
- CVE-2023-32397
- CVE-2023-22809
- CVE-2023-32425
- CVE-2023-32419
- CVE-2023-32365
Frequently Asked Questions
What is CVE-2023-32372?
CVE-2023-32372 is a vulnerability in ImageIO that allows for an out-of-bounds read, which may result in disclosure of process memory.
How does the vulnerability in ImageIO affect Apple devices?
The vulnerability affects iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4.
What is the severity of CVE-2023-32372?
The severity of CVE-2023-32372 is medium with a severity value of 5.5.
How can I fix CVE-2023-32372?
To fix CVE-2023-32372, update your Apple devices to iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, or macOS Ventura 13.4.
Where can I find more information about CVE-2023-32372?
You can find more information about CVE-2023-32372 on the Apple support page: [link](https://support.apple.com/en-us/HT213757).
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- vendor/apple
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/13.0
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos ventura
- canonical/apple ios