CVE-2024-27812: Input Validation
First published: Mon Jun 10 2024(Updated: )
AVEVideoEncoder. The issue was addressed with improved memory handling.
Credit: Pan ZhenPeng @Peterpan0927 STAR Labs SG Ptean anonymous researcher an anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILNick Wellnhofer Daniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeNarendra Bhati Suma Soft PvtShaheen Fazim Mickey Jin @patch1t Maksymilian Motyl Immunity SystemsJunsung Lee Trend Micro Zero Day Initiative ajajfxhj Emilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityRyan Pickren (ryanpickren.com) Manfred Paul @_manfp Trend Micro Zero Day InitiativeNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCertiK SkyFall Team pattern-f @pattern_F_ Ant Security Light product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| visionOS | <1.2 | 1.2 |
| visionOS | <1.2 | |
| <1.2 | 1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40771
- CVE-2024-27817
- CVE-2024-27831
- CVE-2024-27832
- CVE-2024-27801
- CVE-2024-27836
- CVE-2024-27828
- CVE-2024-27840
- CVE-2024-27815
- CVE-2024-27811
- CVE-2024-27800
- CVE-2024-27802
- CVE-2024-27857
- CVE-2024-27844
- CVE-2024-27884
- CVE-2024-27856
- CVE-2024-27838
- CVE-2024-27808
- CVE-2024-27812
- CVE-2024-27850
- CVE-2024-27833
- CVE-2024-27851
- CVE-2024-27830
- CVE-2024-27820
Frequently Asked Questions
What is the severity of CVE-2024-27812?
CVE-2024-27812 has been categorized as a denial-of-service vulnerability.
How do I fix CVE-2024-27812?
To fix CVE-2024-27812, users should upgrade to visionOS version 1.2 or later.
What software is affected by CVE-2024-27812?
CVE-2024-27812 affects Apple visionOS versions prior to 1.2.
What type of issue is CVE-2024-27812?
CVE-2024-27812 is a logic issue related to file handling in WebKit.
Can CVE-2024-27812 be exploited remotely?
Yes, CVE-2024-27812 can potentially be exploited through processing malicious web content.
- agent/first-publish-date
- agent/type
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- collector/apple-support
- source/Apple
- alias/CVE-2024-27840
- alias/CVE-2024-27815
- alias/CVE-2024-27811
- alias/CVE-2024-27800
- alias/CVE-2024-27802
- alias/CVE-2024-27857
- alias/CVE-2024-27844
- alias/CVE-2024-27884
- alias/CVE-2024-27856
- alias/CVE-2024-27838
- alias/CVE-2024-27808
- alias/CVE-2024-27812
- alias/CVE-2024-27850
- alias/CVE-2024-27833
- alias/CVE-2024-27851
- alias/CVE-2024-27830
- alias/CVE-2024-27820
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2024-27832
- alias/CVE-2024-27801
- alias/CVE-2024-27836
- alias/CVE-2024-27828
- alias/CVE-2024-27817
- alias/CVE-2024-27831
- collector/nvd-api
- source/NVD
- agent/author
- agent/tags
- agent/softwarecombine
- vendor/apple
- canonical/visionos