VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 20, 2012· Updated Apr 29, 2026

CVE-2012-3726

CVE-2012-3726

Description

Double free vulnerability in ImageIO in Apple iOS before 6 allows remote code execution or denial of service via a crafted JPEG image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Double free vulnerability in ImageIO in Apple iOS before 6 allows remote code execution or denial of service via a crafted JPEG image.

Vulnerability

A double free vulnerability exists in the ImageIO framework of Apple iOS versions prior to 6. The flaw occurs when processing a specially crafted JPEG image, leading to memory corruption. Affected versions include iOS 5.x and earlier on iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 and later [1].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious JPEG image to the target device through vectors such as email, web browsing, or MMS. No authentication is required, but user interaction (e.g., opening the image) is necessary. The crafted image triggers a double free in ImageIO's JPEG parsing code, causing memory corruption that can be leveraged for code execution.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected application (e.g., MobileMail or Safari), potentially leading to full device compromise. Alternatively, the corruption can cause a denial of service via application crash. The impact is limited to the application's sandbox, but code execution could enable further escalation.

Mitigation

Apple addressed this vulnerability in iOS 6, released on September 19, 2012 [1]. Users should update to iOS 6 or later via iTunes. No workarounds are available for unpatched versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

References
  1. About the security content of iOS 6 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

41
  • Apple Inc./Iphone OS40 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 39 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=5.1.1
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.