Home

CVE-2019-8745

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.09

Associated Vulnerability

VulnerabilityOS Platform
Unquoted service path vulnerability and multiple other vulnerabilities for Apple iTunesWindows
Unquoted service path vulnerability and multiple other vulnerabilities for Apple iTunes (x64)Windows
Unquoted service path vulnerability and multiple other vulnerabilities for Apple iCloudWindows
Multiple vulnerabilities fixed in iCloud 10.7Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.6Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.9.6Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.0Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.10.0Windows
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.7 - Auto RebootMac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.7 Combo Update - Auto RebootMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.5Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.5 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.5 (Deployment-Only)Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.5 Combo Update (Deployment-Only)Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.4Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.4 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.4 (Deployment-Only)Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.4 Combo Update (Deployment-Only)Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.3Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.3 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.1Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.9.6Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311174Apple iTunes (12.10.1.4)
PATCH-311175Apple iTunes (X64) (12.10.1.4)
PATCH-311176iCloud (7.14.0.29)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-310919Apple iTunes (X64) (12.10.0.7)
PATCH-310917Apple iTunes (12.10.0.7)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602736MacOS Catalina 10.15.5 (Deployment-Only)
PATCH-602738macOS Catalina 10.15.5 Combo Update (Deployment-Only)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602735MacOS Catalina 10.15.4 (Deployment-Only)
PATCH-602737MacOS Catalina 10.15.4 Combo Update (Deployment-Only)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234