Watchos
CVE-2016-1811
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
AnalysisAI
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Affected products include: Apple Watchos, Apple Tvos, Apple Iphone Os, Apple Mac Os X. Version information: before 9.3.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing malici
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is low attack comp
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I
An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attacke
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today