CVE-2019-8774: Input Validation

Q: What is CVE-2019-8774?

CVE-2019-8774 is a resource exhaustion issue in Books that could result in a persistent denial-of-service.

Q: How can this vulnerability be exploited?

This vulnerability can be exploited by parsing a maliciously crafted iBooks file.

Q: What is the severity of CVE-2019-8774?

CVE-2019-8774 has a severity rating of 5.5 (Medium).

Q: Which versions of macOS are affected by CVE-2019-8774?

macOS Catalina 10.15 is affected by CVE-2019-8774.

Q: Which iOS versions are affected by CVE-2019-8774?

iOS 13.1 and iPadOS 13.1 are affected by CVE-2019-8774.

Q: How can I fix CVE-2019-8774?

To fix CVE-2019-8774, update to iOS 13.1 and iPadOS 13.1, or macOS Catalina 10.15.

Published Sep 24, 2019

Updated

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.

Other sources

Books. A resource exhaustion issue was addressed with improved input validation.

Credit

Gertjan Franken imec-DistriNet(KU Leuven)

Affected Software

6 affected componentsFixes available

Apple macOS Catalina<10.15

10.15

Apple Ipad Os<13.1

Apple iPhone OS<13.1

Apple iOS and macOS<10.15

Apple iOS<13.1

13.1

Apple iPadOS<13.1

13.1

Event History

Oct 27, 2020

CVE Published

via MITRE·07:50 PM

Data Sourced

via MITRE·07:50 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-8774?

CVE-2019-8774 is a resource exhaustion issue in Books that could result in a persistent denial-of-service.

How can this vulnerability be exploited?