Search for vulnerabilities
Vulnerability details: VCID-eusr-zhu1-7fh4
Vulnerability ID VCID-eusr-zhu1-7fh4
Aliases CVE-2023-42875
Summary Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42875.json
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42875
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2867
archlinux High https://security.archlinux.org/AVG-2868
archlinux High https://security.archlinux.org/AVG-2869
archlinux High https://security.archlinux.org/AVG-2870
cvssv3.1 7.3 https://support.apple.com/en-us/120330
ssvc Track https://support.apple.com/en-us/120330
cvssv3.1 7.3 https://support.apple.com/en-us/120947
ssvc Track https://support.apple.com/en-us/120947
cvssv3.1 7.3 https://support.apple.com/en-us/120948
ssvc Track https://support.apple.com/en-us/120948
cvssv3.1 7.3 https://support.apple.com/en-us/120949
ssvc Track https://support.apple.com/en-us/120949
cvssv3.1 7.3 https://support.apple.com/en-us/120950
ssvc Track https://support.apple.com/en-us/120950
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42875.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
120330 https://support.apple.com/en-us/120330
120947 https://support.apple.com/en-us/120947
120948 https://support.apple.com/en-us/120948
120949 https://support.apple.com/en-us/120949
120950 https://support.apple.com/en-us/120950
2366497 https://bugzilla.redhat.com/show_bug.cgi?id=2366497
ASA-202505-2 https://security.archlinux.org/ASA-202505-2
ASA-202505-3 https://security.archlinux.org/ASA-202505-3
ASA-202505-4 https://security.archlinux.org/ASA-202505-4
ASA-202505-5 https://security.archlinux.org/ASA-202505-5
AVG-2867 https://security.archlinux.org/AVG-2867
AVG-2868 https://security.archlinux.org/AVG-2868
AVG-2869 https://security.archlinux.org/AVG-2869
AVG-2870 https://security.archlinux.org/AVG-2870
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-42875 https://nvd.nist.gov/vuln/detail/CVE-2023-42875
RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2024:8492 https://access.redhat.com/errata/RHSA-2024:8492
RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9646 https://access.redhat.com/errata/RHSA-2024:9646
RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42875.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://support.apple.com/en-us/120330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:22:31Z/ Found at https://support.apple.com/en-us/120330
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://support.apple.com/en-us/120947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:22:31Z/ Found at https://support.apple.com/en-us/120947
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://support.apple.com/en-us/120948
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:22:31Z/ Found at https://support.apple.com/en-us/120948
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://support.apple.com/en-us/120949
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:22:31Z/ Found at https://support.apple.com/en-us/120949
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://support.apple.com/en-us/120950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:22:31Z/ Found at https://support.apple.com/en-us/120950
Exploit Prediction Scoring System (EPSS)
Percentile 0.0638
EPSS Score 0.00034
Published At April 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-04-11T20:06:14.900257+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/42xxx/CVE-2023-42875.json 36.0.0