Home

CVE-2019-8615

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.728

Associated Vulnerability

VulnerabilityOS Platform
Update iCloud (7.12.0.14) fixes multiple vulnerabilities.Windows
Update Apple iTunes (X64) (12.9.5.7) fixes multiple vulnerabilities.Windows
iCloud 10.4 fixes multiple vulnerabilities in Windows 10 version 18362.145 or higherWindows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.4Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.9.4Windows
Multiple vulnerabilities are fixed in macOS Mojave 10.14.5 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS Mojave 10.14.5Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.9.4Mac
Multiple Vulnerabilities are affected in Apple Safari 12.1Mac
Multiple Vulnerabilities are affected in Apple Safari for MAC 12.1Mac
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.18.04.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.18.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.18.10.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.18.10.1_amd64.debLinux
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.19.04.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libwebkit2gtk-4.0-37_2.24.2-0ubuntu0.19.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.18.04.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.18.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.18.10.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.18.10.1_amd64.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.19.04.1_i386.debLinux
Web content engine library for GTK+ (USN-3992-1) libjavascriptcoregtk-4.0-18_2.24.2-0ubuntu0.19.04.1_amd64.debLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) libjavascriptcoregtk-4_0-18-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) libwebkit2gtk-4_0-37-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) libwebkit2gtk3-lang-2.24.4-2.47.1.noarch.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) typelib-1_0-WebKit2-4_0-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1.x86_64.rpmLinux
SUSE-SU-2019:2345-1(SUSE Linux Enterprise Server 12-SP4 ) webkit2gtk3-debugsource-2.24.4-2.47.1.x86_64.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpmLinux
(RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpmLinux
(CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) pidgin-2.13.0-5.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.x86_64.rpmLinux
Low: GNOME security, bug fix, and enhancement update pidgin-2.13.0-5.el8.x86_64.rpmLinux
Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.i686.rpmLinux
Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-309928iCloud (7.12.0.14)
PATCH-309938Apple iTunes (X64) (12.9.5.7)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-602005macOS Mojave 10.14.6 Combo Update
PATCH-602004macOS Mojave 10.14.6
PATCH-611604Apple Safari for MAC (MacOS Sonoma) (18.6)
PATCH-611604Apple Safari for MAC (MacOS Sonoma) (18.6)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234