This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24182.
Category Archives: Advisories
ZDI-25-192: Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-24190.
ZDI-25-191: Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-24211.
ZDI-25-190: Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-24230.
ZDI-25-189: Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-24243.
ZDI-25-188: Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24244.
USN-7400-1: PHP vulnerabilities
It was discovered that PHP incorrectly handle certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11235)
It was discovered that PHP incorrectly handle certain folded headers.
An attacker could possibly use this issue to cause a crash or
execute arbritrary code. (CVE-2025-1217)
It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS
Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1219)
It was discovered that PHP incorrectly handle certain headers with invalid
name and no colon. An attacker could possibly use this issue to confuse
applications into accepting invalid headers causing code injection.
(CVE-2025-1734)
It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.10, and Ubuntu 24.04
LTS. (CVE-2025-1736)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information. (CVE-2025-1861)
USN-7399-1: RabbitMQ Server vulnerability
It was discovered that RabbitMQ Server’s management UI did not sanitize
certain input. An attacker could possibly use this issue to inject code
by performing a cross-site scripting (XSS) attack.
USN-7398-1: libtar vulnerabilities
It was discovered that libtar may perform out-of-bounds reads when
processing specially crafted tar files. An attacker could possibly use
this issue to cause libtar to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644)
It was discovered that libtar contained a memory leak due to failing
to free a variable, causing performance degradation. An attacker
could possibly use this issue to cause libtar to crash, resulting in a
denial of service. (CVE-2021-33645, CVE-2021-33646)
USN-7397-1: AOM vulnerability
Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.