CVE-2022-32907

Related Files

AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption

Posted Nov 18, 2022

Authored by Google Security Research, natashenka

In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of this IOSurface's allocation is controllable by the userspace caller, so the calculated pointer can go out of bounds, leading to memory corruption. This issue could potentially allow an unprivileged local application to escalate its privileges to the kernel.

tags | exploit, kernel, local

advisories | CVE-2022-32907

SHA-256 | a9f971c8dcec3381b92b6bafb61fc99c1b1da326eec460ede2682c51580f3f3e

Download | Favorite | View

Apple Security Advisory 2022-10-27-11

Posted Oct 31, 2022

Authored by Apple | Site apple.com

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, overflow, spoof, vulnerability, code execution

systems | apple

advisories | CVE-2021-36690, CVE-2022-1622, CVE-2022-32864, CVE-2022-32866, CVE-2022-32879, CVE-2022-32881, CVE-2022-32886, CVE-2022-32888, CVE-2022-32891, CVE-2022-32903, CVE-2022-32907, CVE-2022-32908, CVE-2022-32911, CVE-2022-32912

SHA-256 | 63c5867db3906364c96b636cc725186f8a902a06bbf76b96d5290afa0a3aa6ea

Download | Favorite | View