Apple Garageband
9 CVEs affecting Apple Garageband. Latest disclosed: 2025-01-30. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-2372 | High | 8.8 | 2017-02-20 | An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects"… |
CVE-2024-44142 | High | 7.8 | 2025-01-30 | The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary co… |
CVE-2023-42867 | High | 7.8 | 2024-12-20 | This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain… |
CVE-2024-23300 | High | 7.8 | 2024-03-12 | A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead… |
CVE-2022-22664 | High | 7.8 | 2022-03-18 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a m… |
CVE-2022-22657 | High | 7.8 | 2022-03-18 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Ope… |
CVE-2017-2374 | High | 7.8 | 2017-02-20 | An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attacker… |
CVE-2021-30654 | Medium | 5.5 | 2021-09-08 | This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive informat… |
CVE-2009-2198 | | 2009-08-04 | Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. |