CVE-2025-24210

MEDIUM Year: 2025
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-783
View all →

Vulnerability Description

A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Parsing an image may lead to disclosure of user information.

Related Vulnerabilities

CVE-2017-13322

CRITICAL
CVSS:5.5(Medium)

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service wi...

CWE-7832017

CVE-2024-49736

MEDIUM
CVSS:5.5(Medium)

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additi...

CWE-7832024

CVE-2024-34723

MEDIUM
CVSS:5.3(Medium)

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of ...

CWE-7832024

CVE-2024-34720

HIGH
CVSS:7.4(High)

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote...

CWE-7832024

CVE-2024-20314

HIGH
CVSS:8.6(High)

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop...

CWE-7832024

CVE-2024-20480

HIGH
CVSS:8.6(High)

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliza...

CWE-7832024