Garageband

CVEs (7)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-2372	Hig	0.57	8.8	0.01	Feb 20, 2017	An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.
CVE-2024-23300	Hig	0.51	7.8	0.00	Mar 12, 2024	A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
CVE-2017-2374	Hig	0.51	7.8	0.01	Feb 20, 2017	An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.
CVE-2024-44142		0.00	—	0.00	Jan 30, 2025	The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2023-42867		0.00	—	0.00	Dec 20, 2024	This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
CVE-2021-30654		0.00	—	0.00	Sep 8, 2021	This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.
CVE-2009-2198		0.00	—	0.01	Aug 4, 2009	Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.