Vulnerability Description
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Logic Pro X | <= 10.2.4 |
| Apple | Garageband | <= 10.1.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95627Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037627
- http://www.talosintelligence.com/reports/TALOS-2016-0262/
- https://support.apple.com/HT207476Vendor Advisory
- https://support.apple.com/HT207477Vendor Advisory
- http://www.securityfocus.com/bid/95627Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037627
- http://www.talosintelligence.com/reports/TALOS-2016-0262/
- https://support.apple.com/HT207476Vendor Advisory
- https://support.apple.com/HT207477Vendor Advisory
FAQ
What is CVE-2017-2372?
CVE-2017-2372 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers...
How severe is CVE-2017-2372?
CVE-2017-2372 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2372?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Logic Pro X, Apple Garageband.