Vulnerability Details : CVE-2019-8815
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2019-8815
Probability of exploitation activity in the next 30 days: 0.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-8815
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
[email protected] |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
[email protected] |
CWE ids for CVE-2019-8815
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: [email protected] (Primary)
References for CVE-2019-8815
-
https://support.apple.com/HT210727
Vendor Advisory
-
https://support.apple.com/HT210725
Vendor Advisory
-
https://support.apple.com/HT210728
Vendor Advisory
-
https://support.apple.com/HT210723
Vendor Advisory
-
https://support.apple.com/HT210721
Vendor Advisory
-
https://support.apple.com/HT210726
Vendor Advisory
-
https://security.gentoo.org/glsa/202003-22
Third Party Advisory
Products affected by CVE-2019-8815
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*