CVE-2024-40779

Advisory lineage Upstream: 0 Downstream: 22
Modified
Published: 29 Jul 2024, 22:16
Last modified:02 Apr 2026, 18:09

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Jul 2024, 22:16
Published
Vulnerability first disclosed
02 Apr 2026, 18:09
Last Modified
Vulnerability information updated

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03% Percentile: 9%

Techniques & Countermeasures

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • appleios and ipados

    ≥ unspecified, < 17.6 | ≥ unspecified, < 16.7 | < 16.7.9 | < 17.6

  • appleipados

    < 16.7.9 | ≥ 17.0, < 17.6

  • appleiphone_os

    < 16.7.9 | ≥ 17.0, < 17.6

  • applemacos

    ≥ unspecified, < 14.6 | < 14.6

  • applesafari

    ≥ unspecified, < 17.6 | < 17.6

  • appletvos

    ≥ unspecified, < 17.6 | < 17.6

  • applevisionos

    ≥ unspecified, < 1.3 | < 1.3

  • applewatchos

    ≥ unspecified, < 10.6 | < 10.6

References (29)