CVE-2019-8766 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed

CVE-2019-8766

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

References

Vulnerable Configurations

cpe:2.3:a:apple:icloud:5.2:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:5.2:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:6.1.1:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:6.1.1:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:6.2:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:6.2:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.6:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.6:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.7:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.7:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.8.1:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.8.1:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.10:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.10:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.11:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.11:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.12:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.12:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.13:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.13:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.14:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.14:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.15:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.15:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.16:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.16:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.17:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.17:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.18:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.18:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.19:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.19:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.20:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.20:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.21:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:7.21:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.0:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.0:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.4:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.4:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.6:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.6:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.7:*:*:*:*:windows:*:*
cpe:2.3:a:apple:icloud:10.7:*:*:*:*:windows:*:*
cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:2.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:5.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.0.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 30-11-2021 - 21:08)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

rpms

webkitgtk4-0:2.28.2-2.el7
webkitgtk4-debuginfo-0:2.28.2-2.el7
webkitgtk4-devel-0:2.28.2-2.el7
webkitgtk4-doc-0:2.28.2-2.el7
webkitgtk4-jsc-0:2.28.2-2.el7
webkitgtk4-jsc-devel-0:2.28.2-2.el7
LibRaw-0:0.19.5-2.el8
LibRaw-debuginfo-0:0.19.5-2.el8
LibRaw-debugsource-0:0.19.5-2.el8
LibRaw-devel-0:0.19.5-2.el8
LibRaw-samples-debuginfo-0:0.19.5-2.el8
PackageKit-0:1.1.12-6.el8
PackageKit-command-not-found-0:1.1.12-6.el8
PackageKit-command-not-found-debuginfo-0:1.1.12-6.el8
PackageKit-cron-0:1.1.12-6.el8
PackageKit-debuginfo-0:1.1.12-6.el8
PackageKit-debugsource-0:1.1.12-6.el8
PackageKit-glib-0:1.1.12-6.el8
PackageKit-glib-debuginfo-0:1.1.12-6.el8
PackageKit-glib-devel-0:1.1.12-6.el8
PackageKit-gstreamer-plugin-0:1.1.12-6.el8
PackageKit-gstreamer-plugin-debuginfo-0:1.1.12-6.el8
PackageKit-gtk3-module-0:1.1.12-6.el8
PackageKit-gtk3-module-debuginfo-0:1.1.12-6.el8
dleyna-renderer-0:0.6.0-3.el8
dleyna-renderer-debuginfo-0:0.6.0-3.el8
dleyna-renderer-debugsource-0:0.6.0-3.el8
frei0r-devel-0:1.6.1-7.el8
frei0r-plugins-0:1.6.1-7.el8
frei0r-plugins-debuginfo-0:1.6.1-7.el8
frei0r-plugins-debugsource-0:1.6.1-7.el8
frei0r-plugins-opencv-0:1.6.1-7.el8
frei0r-plugins-opencv-debuginfo-0:1.6.1-7.el8
gdm-1:3.28.3-34.el8
gdm-debuginfo-1:3.28.3-34.el8
gdm-debugsource-1:3.28.3-34.el8
gnome-classic-session-0:3.32.1-11.el8
gnome-control-center-0:3.28.2-22.el8
gnome-control-center-debuginfo-0:3.28.2-22.el8
gnome-control-center-debugsource-0:3.28.2-22.el8
gnome-control-center-filesystem-0:3.28.2-22.el8
gnome-photos-0:3.28.1-3.el8
gnome-photos-debuginfo-0:3.28.1-3.el8
gnome-photos-debugsource-0:3.28.1-3.el8
gnome-photos-tests-0:3.28.1-3.el8
gnome-remote-desktop-0:0.1.8-3.el8
gnome-remote-desktop-debuginfo-0:0.1.8-3.el8
gnome-remote-desktop-debugsource-0:0.1.8-3.el8
gnome-session-0:3.28.1-10.el8
gnome-session-debuginfo-0:3.28.1-10.el8
gnome-session-debugsource-0:3.28.1-10.el8
gnome-session-wayland-session-0:3.28.1-10.el8
gnome-session-xsession-0:3.28.1-10.el8
gnome-settings-daemon-0:3.32.0-11.el8
gnome-settings-daemon-debuginfo-0:3.32.0-11.el8
gnome-settings-daemon-debugsource-0:3.32.0-11.el8
gnome-shell-0:3.32.2-20.el8
gnome-shell-debuginfo-0:3.32.2-20.el8
gnome-shell-debugsource-0:3.32.2-20.el8
gnome-shell-extension-apps-menu-0:3.32.1-11.el8
gnome-shell-extension-auto-move-windows-0:3.32.1-11.el8
gnome-shell-extension-common-0:3.32.1-11.el8
gnome-shell-extension-dash-to-dock-0:3.32.1-11.el8
gnome-shell-extension-desktop-icons-0:3.32.1-11.el8
gnome-shell-extension-disable-screenshield-0:3.32.1-11.el8
gnome-shell-extension-drive-menu-0:3.32.1-11.el8
gnome-shell-extension-horizontal-workspaces-0:3.32.1-11.el8
gnome-shell-extension-launch-new-instance-0:3.32.1-11.el8
gnome-shell-extension-native-window-placement-0:3.32.1-11.el8
gnome-shell-extension-no-hot-corner-0:3.32.1-11.el8
gnome-shell-extension-panel-favorites-0:3.32.1-11.el8
gnome-shell-extension-places-menu-0:3.32.1-11.el8
gnome-shell-extension-screenshot-window-sizer-0:3.32.1-11.el8
gnome-shell-extension-systemMonitor-0:3.32.1-11.el8
gnome-shell-extension-top-icons-0:3.32.1-11.el8
gnome-shell-extension-updates-dialog-0:3.32.1-11.el8
gnome-shell-extension-user-theme-0:3.32.1-11.el8
gnome-shell-extension-window-grouper-0:3.32.1-11.el8
gnome-shell-extension-window-list-0:3.32.1-11.el8
gnome-shell-extension-windowsNavigator-0:3.32.1-11.el8
gnome-shell-extension-workspace-indicator-0:3.32.1-11.el8
gnome-terminal-0:3.28.3-2.el8
gnome-terminal-debuginfo-0:3.28.3-2.el8
gnome-terminal-debugsource-0:3.28.3-2.el8
gnome-terminal-nautilus-0:3.28.3-2.el8
gnome-terminal-nautilus-debuginfo-0:3.28.3-2.el8
gsettings-desktop-schemas-0:3.32.0-5.el8
gsettings-desktop-schemas-devel-0:3.32.0-5.el8
gtk-doc-0:1.28-2.el8
gtk-update-icon-cache-0:3.22.30-6.el8
gtk-update-icon-cache-debuginfo-0:3.22.30-6.el8
gtk3-0:3.22.30-6.el8
gtk3-debuginfo-0:3.22.30-6.el8
gtk3-debugsource-0:3.22.30-6.el8
gtk3-devel-0:3.22.30-6.el8
gtk3-devel-debuginfo-0:3.22.30-6.el8
gtk3-immodule-xim-0:3.22.30-6.el8
gtk3-immodule-xim-debuginfo-0:3.22.30-6.el8
gtk3-immodules-debuginfo-0:3.22.30-6.el8
gtk3-tests-debuginfo-0:3.22.30-6.el8
gvfs-0:1.36.2-10.el8
gvfs-afc-0:1.36.2-10.el8
gvfs-afc-debuginfo-0:1.36.2-10.el8
gvfs-afp-0:1.36.2-10.el8
gvfs-afp-debuginfo-0:1.36.2-10.el8
gvfs-archive-0:1.36.2-10.el8
gvfs-archive-debuginfo-0:1.36.2-10.el8
gvfs-client-0:1.36.2-10.el8
gvfs-client-debuginfo-0:1.36.2-10.el8
gvfs-debuginfo-0:1.36.2-10.el8
gvfs-debugsource-0:1.36.2-10.el8
gvfs-devel-0:1.36.2-10.el8
gvfs-fuse-0:1.36.2-10.el8
gvfs-fuse-debuginfo-0:1.36.2-10.el8
gvfs-goa-0:1.36.2-10.el8
gvfs-goa-debuginfo-0:1.36.2-10.el8
gvfs-gphoto2-0:1.36.2-10.el8
gvfs-gphoto2-debuginfo-0:1.36.2-10.el8
gvfs-mtp-0:1.36.2-10.el8
gvfs-mtp-debuginfo-0:1.36.2-10.el8
gvfs-smb-0:1.36.2-10.el8
gvfs-smb-debuginfo-0:1.36.2-10.el8
libsoup-0:2.62.3-2.el8
libsoup-debuginfo-0:2.62.3-2.el8
libsoup-debugsource-0:2.62.3-2.el8
libsoup-devel-0:2.62.3-2.el8
mutter-0:3.32.2-48.el8
mutter-debuginfo-0:3.32.2-48.el8
mutter-debugsource-0:3.32.2-48.el8
mutter-devel-0:3.32.2-48.el8
mutter-tests-debuginfo-0:3.32.2-48.el8
nautilus-0:3.28.1-14.el8
nautilus-debuginfo-0:3.28.1-14.el8
nautilus-debugsource-0:3.28.1-14.el8
nautilus-devel-0:3.28.1-14.el8
nautilus-extensions-0:3.28.1-14.el8
nautilus-extensions-debuginfo-0:3.28.1-14.el8
pipewire-0:0.3.6-1.el8
pipewire-alsa-debuginfo-0:0.3.6-1.el8
pipewire-debuginfo-0:0.3.6-1.el8
pipewire-debugsource-0:0.3.6-1.el8
pipewire-devel-0:0.3.6-1.el8
pipewire-doc-0:0.3.6-1.el8
pipewire-gstreamer-debuginfo-0:0.3.6-1.el8
pipewire-libs-0:0.3.6-1.el8
pipewire-libs-debuginfo-0:0.3.6-1.el8
pipewire-utils-0:0.3.6-1.el8
pipewire-utils-debuginfo-0:0.3.6-1.el8
pipewire0.2-debugsource-0:0.2.7-6.el8
pipewire0.2-devel-0:0.2.7-6.el8
pipewire0.2-libs-0:0.2.7-6.el8
pipewire0.2-libs-debuginfo-0:0.2.7-6.el8
potrace-0:1.15-3.el8
potrace-debuginfo-0:1.15-3.el8
potrace-debugsource-0:1.15-3.el8
pygobject3-debuginfo-0:3.28.3-2.el8
pygobject3-debugsource-0:3.28.3-2.el8
pygobject3-devel-0:3.28.3-2.el8
python3-gobject-0:3.28.3-2.el8
python3-gobject-base-0:3.28.3-2.el8
python3-gobject-base-debuginfo-0:3.28.3-2.el8
python3-gobject-debuginfo-0:3.28.3-2.el8
tracker-0:2.1.5-2.el8
tracker-debuginfo-0:2.1.5-2.el8
tracker-debugsource-0:2.1.5-2.el8
tracker-devel-0:2.1.5-2.el8
vte-profile-0:0.52.4-2.el8
vte291-0:0.52.4-2.el8
vte291-debuginfo-0:0.52.4-2.el8
vte291-debugsource-0:0.52.4-2.el8
vte291-devel-0:0.52.4-2.el8
vte291-devel-debuginfo-0:0.52.4-2.el8
webkit2gtk3-0:2.28.4-1.el8
webkit2gtk3-debuginfo-0:2.28.4-1.el8
webkit2gtk3-debugsource-0:2.28.4-1.el8
webkit2gtk3-devel-0:2.28.4-1.el8
webkit2gtk3-devel-debuginfo-0:2.28.4-1.el8
webkit2gtk3-jsc-0:2.28.4-1.el8
webkit2gtk3-jsc-debuginfo-0:2.28.4-1.el8
webkit2gtk3-jsc-devel-0:2.28.4-1.el8
webkit2gtk3-jsc-devel-debuginfo-0:2.28.4-1.el8
webrtc-audio-processing-0:0.3-9.el8
webrtc-audio-processing-debuginfo-0:0.3-9.el8
webrtc-audio-processing-debugsource-0:0.3-9.el8
xdg-desktop-portal-0:1.6.0-2.el8
xdg-desktop-portal-debuginfo-0:1.6.0-2.el8
xdg-desktop-portal-debugsource-0:1.6.0-2.el8
xdg-desktop-portal-gtk-0:1.6.0-1.el8
xdg-desktop-portal-gtk-debuginfo-0:1.6.0-1.el8
xdg-desktop-portal-gtk-debugsource-0:1.6.0-1.el8

refmap via4

gentoo	GLSA-202003-22
misc	https://support.apple.com/HT210724 https://support.apple.com/HT210727

Last major update

30-11-2021 - 21:08

Published

18-12-2019 - 18:15

Last modified

30-11-2021 - 21:08