- Vulnerability/
- ZDI-25-171
ZDI-25-171: Apple macOS ImageIO Pixel Conversion Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Mar 18 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-54500.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-25-171?
The severity of ZDI-25-171 is classified as high due to the potential for remote attackers to disclose sensitive information.
How do I fix ZDI-25-171?
To fix ZDI-25-171, ensure your Apple macOS is updated to the latest version where the vulnerability has been patched.
What versions of macOS are affected by ZDI-25-171?
ZDI-25-171 affects various installations of Apple macOS without specific version restrictions mentioned.
What are the potential attack vectors for ZDI-25-171?
Attack vectors for ZDI-25-171 may vary based on implementation but generally involve interaction with the ImageIO framework.
What type of vulnerability is ZDI-25-171?
ZDI-25-171 is classified as a remote information disclosure vulnerability.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-25242
- agent/references
- agent/last-modified-date
- agent/source
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/macos