CVE-2022-26738: Buffer Overflow
Published May 16, 2022
·Updated
AMD. A buffer overflow issue was addressed with improved memory handling.
Credit
an anonymous researcher, ABC Research s.r.o, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Wojciech Reguła@@_r3ggi(SecuRing), Qi Sun(Trend Micro), Robert Ai(Trend Micro), Ye Zhang@@co0py_Cat(Baidu Security), Jon Thompson(Evolve), IA), Yonghwi Jin@@jinmo123(Theori), Linus Henze(Pinauten GmbH), actae0n(Blacksun Hackers Club working with Trend Micro Zero Day Initiative), Andrew Williams(Google), Avi Drissman(Google), Liu Long(Ant Security Light), Antonio Zekic@@antoniozekic, Jeonghoon Shin(Theori working with Trend Micro Zero Day Initiative), Jack Dates(RET2 Systems Inc), chenyuwang@@mzzzz__(Tencent Security Xuanwu Lab), Jordy Zomer@@pwningsystems, Peter Nguyễn Vũ Hoàng@@peternguyen14(STAR Labs), Ned Williamson(Google Project Zero), Arsenii Kostromin (0x3c3e)(Microsoft), Jonathan Bar Or(Microsoft), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Max Shavrick@@_mxms(the Google Security Team), Zubair Ashraf(Crowdstrike), CVE-2022-0778, CVE-2022-23308, Paul Walker(Bury), Nathaniel Ekoniak(Ennate Technologies), Mickey Jin@@patch1t, @@gorelics, Peter Nguyễn Vũ Hoàng(STAR Labs), Felix Poulin-Belanger, Gergely Kalman@@gergely_kalman(Mandiant), (Mandiant), Joshua Mason(Mandiant), Antonio Cheong Yu Xuan(YCISCQ), Arsenii Kostromin (0x3c3e), Ron Waisberg(SecuRing), an anonymous researcher(SecuRing), (Perception Point), Ron Hass@@ronhass7(Perception Point), ryuzaki, Chijin Zhou(ShuiMuYuLin Ltd), Tsinghua wingtecher lab, Jeonghoon Shin(Theori), SorryMybad@@S0rryMybad(Kunlun Lab), Dongzhuo Zhao(ADLab of Venustech), Scarlet Raine, Wang Yu(Cyberserval), CVE-2022-0530, Tavis Ormandy, CVE-2021-45444
Affected Software
8 affected componentsFixes available
tvOS<15.5
15.5
macOS<12.4
12.4
Apple iOS and iPadOS<15.5
15.5
Apple iOS, iPadOS, and macOS<15.5
15.5
Apple iOS, iPadOS, and macOS<15.5
iPhone OS<15.5
macOS<12.4
tvOS<15.5
Event History
May 16, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
May 26, 2022
CVE Published
via MITRE·07:01 PM
Data Sourced
via MITRE·07:01 PM
DescriptionWeakness
Frequently Asked Questions
1
What is CVE-2022-26738?
CVE-2022-26738 is a vulnerability in AVEVideoEncoder that allows an attacker to perform an out-of-bounds write.
2
Which software versions are affected by CVE-2022-26738?
CVE-2022-26738 affects Apple tvOS up to version 15.5, macOS Monterey up to version 12.4, Apple iOS up to version 15.5, and Apple iPadOS up to version 15.5.
3
How can the CVE-2022-26738 vulnerability be exploited?
CVE-2022-26738 can be exploited by an attacker to perform an out-of-bounds write operation, potentially leading to arbitrary code execution or denial of service.
4
Has Apple released a remedy for CVE-2022-26738?
Yes, Apple has addressed the CVE-2022-26738 vulnerability with improved bounds checking in the affected software versions.
5
Where can I find more information about CVE-2022-26738?
You can find more information about CVE-2022-26738 on the official Apple support website.