CVE-2025-43445
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
2Description
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Analysis
An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.
Affected Products
Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today