VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-63wk-qcs9-xqg6

Essentials
Severities (96)
References (29)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-63wk-qcs9-xqg6
Aliases	CVE-2024-54502
Summary	The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54502.json
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00158	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.00235	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-54502
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-54502
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-54502
cvssv3.1	6.5	https://support.apple.com/en-us/121837
ssvc	Track	https://support.apple.com/en-us/121837
cvssv3.1	6.5	https://support.apple.com/en-us/121839
ssvc	Track	https://support.apple.com/en-us/121839
cvssv3.1	6.5	https://support.apple.com/en-us/121843
ssvc	Track	https://support.apple.com/en-us/121843
cvssv3.1	6.5	https://support.apple.com/en-us/121844
ssvc	Track	https://support.apple.com/en-us/121844
cvssv3.1	6.5	https://support.apple.com/en-us/121845
ssvc	Track	https://support.apple.com/en-us/121845
cvssv3.1	6.5	https://support.apple.com/en-us/121846
ssvc	Track	https://support.apple.com/en-us/121846

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54502.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-54502
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54502
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
121837		https://support.apple.com/en-us/121837
121839		https://support.apple.com/en-us/121839
121843		https://support.apple.com/en-us/121843
121844		https://support.apple.com/en-us/121844
121845		https://support.apple.com/en-us/121845
121846		https://support.apple.com/en-us/121846
2333843		https://bugzilla.redhat.com/show_bug.cgi?id=2333843
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2024-54502		https://nvd.nist.gov/vuln/detail/CVE-2024-54502
RHSA-2025:0145		https://access.redhat.com/errata/RHSA-2025:0145
RHSA-2025:0146		https://access.redhat.com/errata/RHSA-2025:0146
RHSA-2025:0226		https://access.redhat.com/errata/RHSA-2025:0226
RHSA-2025:0276		https://access.redhat.com/errata/RHSA-2025:0276
RHSA-2025:0277		https://access.redhat.com/errata/RHSA-2025:0277
RHSA-2025:0278		https://access.redhat.com/errata/RHSA-2025:0278
RHSA-2025:0279		https://access.redhat.com/errata/RHSA-2025:0279
RHSA-2025:0282		https://access.redhat.com/errata/RHSA-2025:0282
RHSA-2025:0283		https://access.redhat.com/errata/RHSA-2025:0283
USN-7201-1		https://usn.ubuntu.com/7201-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54502.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-54502

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-54502

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121837

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121837

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121839

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121839

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121843

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121843

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121844

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121844

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121845

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121845

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/121846

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:31:16Z/ Found at https://support.apple.com/en-us/121846

Exploit Prediction Scoring System (EPSS)

Percentile	0.12177
EPSS Score	0.00044
Published At	Dec. 13, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-12-13T02:50:30.178567+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/54xxx/CVE-2024-54502.json	35.0.0