CVE-2022-26706
https://notcve.org/view.php?id=CVE-2022-26706
An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. Se abordó un problema de acceso con restricciones adicionales de sandbox en aplicaciones de terceros. Este problema es corregido en tvOS versión 15.5, iOS versión 15.5 y iPadOS versión 15.5, watchOS versión 8.6, macOS Big Sur versión 11.6.6, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 •
CVE-2022-26710 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-26710
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de uso después de la liberación con una gestión de memoria mejorada. Este problema se solucionó en iOS 15.5 y iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 https://access.redhat.com/security/cve/CVE-2022-26710 https://bugzilla.redhat.com/show_bug.cgi?id=2104789 • CWE-416: Use After Free •
CVE-2022-26719 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-26719
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una gestión estatal mejorada. Este problema se solucionó en tvOS 15.5, iOS 15.5 y iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 https://support.apple.com/en-us/HT213260 https://access.redhat.com/security/cve/CVE-2022-26719 https://bugzilla.redhat.com/show_bug.cgi?id=2092736 • CWE-787: Out-of-bounds Write CWE-1173: Improper Use of Validation Framework •
CVE-2022-26711 – Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26711
An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de desbordamiento de enteros con una comprobación de entradas mejorada. Este problema es corregido en tvOS versión 15.5, iTunes versión 12.12.4 para Windows, iOS versión 15.5 y iPadOS versión 15.5, watchOS versión 8.6, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 https://support.apple.com/en-us/HT213259 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-1622
https://notcve.org/view.php?id=CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.o • CWE-125: Out-of-bounds Read •