Medium severity5.5NVD Advisory· Published Feb 11, 2026· Updated Apr 2, 2026
CVE-2026-20634
CVE-2026-20634
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <18.7.5
- (no CPE)range: < 18.7.5 and < 26.3
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <26.3
- (no CPE)range: < 26.3
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*range: <26.3
- (no CPE)range: < 26.3
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <26.3
- (no CPE)range: < 26.3
- Range: < 18.7.5 and < 26.3
- Range: < 15.7.4
- Range: < 14.8.4
- Range: < 26.3
Patches
Vulnerability mechanics
References
8- support.apple.com/en-us/126346nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126347nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126348nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126349nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126350nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126351nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126352nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126353nvdRelease NotesVendor Advisory
News mentions
1- ZDI-26-175: Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure VulnerabilityZero Day Initiative · Mar 10, 2026