CVE-2023-41064

CVE Database · CVE-2023-41064

CVE-2023-41064

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

15.26%

Published

Sep 7, 2023

Modified

Nov 6, 2025

CISA Known Exploited Vulnerability

Added: 2023-09-11 · Due: 2023-10-02

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCMrR0b0t19/CVE-2023-41064★3 GitHub PoCMrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064★0 GitHub PoCK4Der11000/k4_cve-2023-41064★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120CWE-120

Affected Products (7)

apple · ipados (up to 15.7.9)vulnerable

apple · ipados (up to 16.6.1)vulnerable

apple · iphone_os (up to 15.7.9)vulnerable

apple · iphone_os (up to 16.6.1)vulnerable

apple · macos (up to 11.7.10)vulnerable

apple · macos (up to 12.6.9)vulnerable

apple · macos (up to 13.5.2)vulnerable