Search for vulnerabilities
| Vulnerability ID | VCID-j82e-rm6y-1bcs |
| Aliases |
CVE-2017-7064
|
| Summary | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 9.0 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| epss | 0.03323 | https://api.first.org/data/v1/epss?cve=CVE-2017-7064 |
| cvssv2 | 4.3 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| cvssv3 | 4.3 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| archlinux | Critical | https://security.archlinux.org/AVG-362 |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2017-7064 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7064 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| ASA-201707-25 | https://security.archlinux.org/ASA-201707-25 | |
| AVG-362 | https://security.archlinux.org/AVG-362 | |
| CVE-2017-7064 | Exploit | https://bugs.chromium.org/p/project-zero/issues/detail?id=1236 |
| CVE-2017-7064 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/42375.html |
| USN-3376-1 | https://usn.ubuntu.com/3376-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | July 25, 2017 |
| Description | WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy |
| Ransomware campaign use | Known |
| Source publication date | July 25, 2017 |
| Exploit type | dos |
| Platform | multiple |
| Source update date | July 25, 2017 |
| Source URL | https://bugs.chromium.org/p/project-zero/issues/detail?id=1236 |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.8722 |
| EPSS Score | 0.03323 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T16:32:45.311115+00:00 | Debian Oval Importer | Import | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.0.0 |