GarageBand
by Apple Inc.
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2372 | | High | 0.57 | 8.8 | 0.02 | | Feb 20, 2017 | An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via… |
| CVE-2024-23300 | | High | 0.51 | 7.8 | 0.00 | | Mar 12, 2024 | A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. |
| CVE-2017-2374 | | High | 0.51 | 7.8 | 0.02 | | Feb 20, 2017 | An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… |
| CVE-2024-44142 | | | 0.00 | — | 0.00 | | Jan 30, 2025 | The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution. |
| CVE-2023-42867 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. |
| CVE-2023-27960 | | | 0.00 | — | 0.00 | | May 8, 2023 | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand. |
| CVE-2022-22664 | | | 0.00 | — | 0.01 | | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22657 | | | 0.00 | — | 0.01 | | Mar 18, 2022 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2021-30654 | | | 0.00 | — | 0.00 | | Sep 8, 2021 | This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. |
| CVE-2009-2198 | | | 0.00 | — | 0.02 | | Aug 4, 2009 | Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. |