Search for vulnerabilities
Vulnerability details: VCID-dhy9-1s3k-p7be
Vulnerability ID VCID-dhy9-1s3k-p7be
Aliases CVE-2022-32886
Summary A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32886.json
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2022-32886
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Oct/28
ssvc Track http://seclists.org/fulldisclosure/2022/Oct/28
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Oct/39
ssvc Track http://seclists.org/fulldisclosure/2022/Oct/39
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Oct/41
ssvc Track http://seclists.org/fulldisclosure/2022/Oct/41
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32886
archlinux Unknown https://security.archlinux.org/AVG-2819
archlinux Unknown https://security.archlinux.org/AVG-2820
cvssv3.1 8.8 https://security.gentoo.org/glsa/202305-32
ssvc Track https://security.gentoo.org/glsa/202305-32
cvssv3.1 8.8 https://support.apple.com/en-us/HT213442
ssvc Track https://support.apple.com/en-us/HT213442
cvssv3.1 8.8 https://support.apple.com/en-us/HT213445
ssvc Track https://support.apple.com/en-us/HT213445
cvssv3.1 8.8 https://support.apple.com/en-us/HT213446
ssvc Track https://support.apple.com/en-us/HT213446
cvssv3.1 8.8 https://www.debian.org/security/2022/dsa-5240
ssvc Track https://www.debian.org/security/2022/dsa-5240
cvssv3.1 8.8 https://www.debian.org/security/2022/dsa-5241
ssvc Track https://www.debian.org/security/2022/dsa-5241
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32886.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42833
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
202305-32 https://security.gentoo.org/glsa/202305-32
2128643 https://bugzilla.redhat.com/show_bug.cgi?id=2128643
28 http://seclists.org/fulldisclosure/2022/Oct/28
39 http://seclists.org/fulldisclosure/2022/Oct/39
41 http://seclists.org/fulldisclosure/2022/Oct/41
74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/
AVG-2819 https://security.archlinux.org/AVG-2819
AVG-2820 https://security.archlinux.org/AVG-2820
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-32886 https://nvd.nist.gov/vuln/detail/CVE-2022-32886
dsa-5240 https://www.debian.org/security/2022/dsa-5240
dsa-5241 https://www.debian.org/security/2022/dsa-5241
HT213442 https://support.apple.com/en-us/HT213442
HT213445 https://support.apple.com/en-us/HT213445
HT213446 https://support.apple.com/en-us/HT213446
KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/
msg00034.html https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html
RHSA-2023:2256 https://access.redhat.com/errata/RHSA-2023:2256
RHSA-2023:2834 https://access.redhat.com/errata/RHSA-2023:2834
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/
USN-5642-1 https://usn.ubuntu.com/5642-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32886.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Oct/28
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at http://seclists.org/fulldisclosure/2022/Oct/28
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Oct/39
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at http://seclists.org/fulldisclosure/2022/Oct/39
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Oct/41
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at http://seclists.org/fulldisclosure/2022/Oct/41
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32886
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-32
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://security.gentoo.org/glsa/202305-32
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213442
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://support.apple.com/en-us/HT213442
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://support.apple.com/en-us/HT213445
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://support.apple.com/en-us/HT213446
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5240
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://www.debian.org/security/2022/dsa-5240
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5241
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-29T14:14:06Z/ Found at https://www.debian.org/security/2022/dsa-5241
Exploit Prediction Scoring System (EPSS)
Percentile 0.57306
EPSS Score 0.00358
Published At Aug. 6, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:03.454857+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5642-1/ 37.0.0