CVE-2024-44201 - Vulnerability Details

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Dec/6
http://seclists.org/fulldisclosure/2024/Dec/8
http://seclists.org/fulldisclosure/2024/Dec/9
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121838
https://support.apple.com/en-us/121840
https://support.apple.com/en-us/121842

History

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Dec/6 http://seclists.org/fulldisclosure/2024/Dec/8 http://seclists.org/fulldisclosure/2024/Dec/9

Fri, 13 Dec 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos
Weaknesses		CWE-404 NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Dec 2024 23:15:00 +0000

Type	Values Removed	Values Added
Description		The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.
References		https://support.apple.com/en-us/121563 https://support.apple.com/en-us/121838 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-12-11T22:59:08.652Z

Updated: 2025-11-03T22:08:05.787Z

Reserved: 2024-08-20T21:42:05.937Z

Link: CVE-2024-44201

Vulnrichment

Updated: 2024-12-13T18:31:35.627Z

NVD

Status : Modified

Published: 2024-12-12T02:15:23.313

Modified: 2025-11-03T22:18:25.473

Link: CVE-2024-44201

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object