- Vulnerability/
- ZDI-CAN-25338
ZDI-CAN-25338: ZDI-25-166: Apple macOS libFontParser Glyph Mapping Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Mar 18 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-54486.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-25338?
The severity of ZDI-CAN-25338 is considered high due to its potential to allow remote attackers to disclose sensitive information.
How can I fix ZDI-CAN-25338?
To fix ZDI-CAN-25338, users should update their Apple macOS to the latest version provided by Apple.
Which versions of macOS are affected by ZDI-CAN-25338?
ZDI-CAN-25338 affects installations of macOS that utilize the libFontParser library.
What type of information could be disclosed by exploiting ZDI-CAN-25338?
Exploiting ZDI-CAN-25338 may allow attackers to access sensitive information from the affected macOS installations.
What is required to exploit ZDI-CAN-25338?
Exploitation of ZDI-CAN-25338 requires interaction with the libFontParser library.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-25338
- agent/references
- agent/last-modified-date
- agent/source
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/macos