anonhaven
Ad

CVE-2024-23249

HIGH CVSS 3.1: 7.1 EPSS 0.05%
Updated Apr 02, 2026
Apple
Parameter Value
CVSS 7.1 (HIGH)
Affected Versions 14.0 — 14.4
Fixed In 14.4
Type CWE-404 (Improper Resource Shutdown or Release)
Vendor Apple
Public PoC No

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-404 Improper Resource Shutdown or Release

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 14.0 14.4

References 4

https://support.apple.com/en-us/120895
product-security@apple.com
http://seclists.org/fulldisclosure/2024/Mar/21
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214084
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/kb/HT214084
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-43264

Apple

8.8

CVE-2025-43257

Apple

8.7

CVE-2025-43238

Apple

6.2

CVE-2025-43236

Apple

3.3

CVE-2025-43219

Apple

8.8