CVE-2023-40416: Buffer Overflow
First published: Wed Oct 25 2023(Updated: )
ImageIO. The issue was addressed with improved memory handling.
Credit: JZ JZ JZ JZ JZ product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| <12.7.1 | 12.7.1 | |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple macOS Ventura | <13.6.1 | 13.6.1 |
| Apple iPadOS | <16.7.2 | |
| Apple iPadOS | >=17.0<17.1 | |
| Apple iPhone OS | <16.7.2 | |
| Apple iPhone OS | >=17.0<17.1 | |
| Apple macOS | >=12.0.0<12.7.1 | |
| Apple macOS | >=13.0<13.6.1 | |
| Apple macOS | >=14.0<14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/en-us/HT213983 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213985 (Advisory)
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213984
- https://support.apple.com/kb/HT213985
- https://support.apple.com/kb/HT213981
- https://support.apple.com/kb/HT213983
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/21
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/26
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42952
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42844
- CVE-2023-40446
- CVE-2023-40416
- CVE-2023-40423
- CVE-2023-42849
- CVE-2023-42856
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42889
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42873
- CVE-2023-40425
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-41077
- CVE-2023-42848
- CVE-2023-38403
- CVE-2023-42942
- CVE-2023-40401
- CVE-2023-42841
- CVE-2023-41254
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-42928
- CVE-2023-42834
- CVE-2023-42953
- CVE-2023-40408
- CVE-2023-42846
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42951
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42855
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-40445
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-42939
- CVE-2023-41983
- CVE-2023-41977
- CVE-2023-32359
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42945
- CVE-2023-41989
- CVE-2023-42850
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-40404
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-42438
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-40416.
What is the title of the vulnerability?
The title of the vulnerability is ImageIO. The issue was addressed with improved memory handling.
How does the vulnerability affect image processing?
Processing an image may result in disclosure of process memory.
Which software versions are affected by this vulnerability?
The vulnerability affects macOS Sonoma 14.1, iOS 16.7.2, iPadOS 16.7.2, macOS Monterey 12.7.1, macOS Ventura 13.6.1, iOS 17.1, and iPadOS 17.1.
How was the vulnerability fixed?
The vulnerability was fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, and macOS Sonoma 14.1 with improved memory handling.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos ventura
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/12.0.0
- version/apple macos/13.0
- version/apple macos/14.0
- canonical/apple macos sonoma