CVE-2024-44142

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
References
Link Resource
https://support.apple.com/en-us/121866 Vendor Advisory Release Notes
http://seclists.org/fulldisclosure/2025/Feb/2 Vendor Advisory Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*

History

18 Mar 2025, 16:06

Type Values Removed Values Added
First Time Apple garageband
Apple
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/121866 - () https://support.apple.com/en-us/121866 - Vendor Advisory, Release Notes
References () http://seclists.org/fulldisclosure/2025/Feb/2 - () http://seclists.org/fulldisclosure/2025/Feb/2 - Vendor Advisory, Release Notes

02 Feb 2025, 10:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Feb/2 -

31 Jan 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
Summary
  • (es) El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en GarageBand 10.4.12. El procesamiento de una imagen manipulado malintencionada puede provocar la ejecución de código arbitrario.

30 Jan 2025, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-30 19:15

Updated : 2025-03-18 16:06


NVD link : CVE-2024-44142

Mitre link : CVE-2024-44142

CVE.ORG link : CVE-2024-44142


JSON object : View

Products Affected

apple

  • garageband