anonhaven
Ad

CVE-2024-40845

MEDIUM CVSS 3.1: 5.5 EPSS 0.05%
Updated Apr 02, 2026
Apple
Parameter Value
CVSS 5.5 (MEDIUM)
Affected Versions before 14.7
Fixed In 14.7
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Apple
Public PoC No

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 14.7

References 4

https://support.apple.com/en-us/121238
product-security@apple.com
https://support.apple.com/en-us/121247
product-security@apple.com
http://seclists.org/fulldisclosure/2024/Sep/33
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2024/Sep/40
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-43264

Apple

8.8

CVE-2025-43257

Apple

8.7

CVE-2025-43238

Apple

6.2

CVE-2025-43236

Apple

3.3

CVE-2025-43219

Apple

8.8