CVE-2024-54534
Published: December 26, 2024Last modified: April 18, 2025
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Liberica JDK | 8 | jdk-full | Fixed (8u452+11) |
| jre-full | Fixed (8u452+11) | ||
| 11 | jdk-full | Fixed (11.0.27+9) | |
| jre-full | Fixed (11.0.27+9) | ||
| 17 | jdk-full | Fixed (17.0.15+10) | |
| jre-full | Fixed (17.0.15+10) | ||
| 21 | jdk-full | Fixed (21.0.7+9) | |
| jre-full | Fixed (21.0.7+9) | ||
| 24 | jdk-full | Fixed (24.0.1+11) | |
| jre-full | Fixed (24.0.1+11) |
References
- https://security.netapp.com/advisory/ntap-20250418-0002/
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846