VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 23, 2023· Updated Dec 5, 2024

CVE-2023-32385

CVE-2023-32385

Description

Opening a crafted PDF in iOS 16.5, iPadOS 16.5, or macOS Ventura 13.4 or earlier can cause unexpected app termination (denial of service).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Opening a crafted PDF in iOS 16.5, iPadOS 16.5, or macOS Ventura 13.4 or earlier can cause unexpected app termination (denial of service).

Vulnerability

A denial-of-service vulnerability in the PDF parsing component of iOS, iPadOS, and macOS allows a crafted PDF to trigger unexpected app termination. The issue is present in iOS and iPadOS versions prior to 16.5, and macOS Ventura prior to 13.4 [1][2].

Exploitation

An attacker can trigger the vulnerability by sending or making available a specially crafted PDF file. The victim only needs to open the malicious PDF in any app that processes PDF content. No additional privileges or authentication are required beyond normal user interaction to open the file [1][2].

Impact

Successful exploitation causes the application that opened the PDF to terminate unexpectedly (denial of service). The impact is limited to app termination; the advisory does not indicate code execution or privilege escalation [1][2].

Mitigation

Apple addressed the issue with improved memory handling in iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4, released on May 18, 2023 [1][2]. Users should update affected devices to these versions or later. No workarounds are documented.

References
  1. About the security content of macOS Ventura 13.4 - Apple Support
  2. About the security content of iOS 16.5 and iPadOS 16.5 - Apple Support

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.