Search for vulnerabilities
Vulnerability details: VCID-sx4q-wc6f-83ap
Vulnerability ID VCID-sx4q-wc6f-83ap
Aliases CVE-2022-32888
Summary An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32888.json
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2022-32888
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32888
cvssv3.1 8.8 https://security.gentoo.org/glsa/202305-32
ssvc Track https://security.gentoo.org/glsa/202305-32
cvssv3.1 8.8 https://support.apple.com/en-us/HT213443
ssvc Track https://support.apple.com/en-us/HT213443
cvssv3.1 8.8 https://support.apple.com/en-us/HT213444
ssvc Track https://support.apple.com/en-us/HT213444
cvssv3.1 8.8 https://support.apple.com/en-us/HT213445
ssvc Track https://support.apple.com/en-us/HT213445
cvssv3.1 8.8 https://support.apple.com/en-us/HT213446
ssvc Track https://support.apple.com/en-us/HT213446
cvssv3.1 8.8 https://support.apple.com/en-us/HT213486
ssvc Track https://support.apple.com/en-us/HT213486
cvssv3.1 8.8 https://support.apple.com/en-us/HT213487
ssvc Track https://support.apple.com/en-us/HT213487
cvssv3.1 8.8 https://support.apple.com/en-us/HT213488
ssvc Track https://support.apple.com/en-us/HT213488
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2022/11/04/4
ssvc Track http://www.openwall.com/lists/oss-security/2022/11/04/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32888.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42833
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
202305-32 https://security.gentoo.org/glsa/202305-32
2140501 https://bugzilla.redhat.com/show_bug.cgi?id=2140501
4 http://www.openwall.com/lists/oss-security/2022/11/04/4
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-32888 https://nvd.nist.gov/vuln/detail/CVE-2022-32888
HT213443 https://support.apple.com/en-us/HT213443
HT213444 https://support.apple.com/en-us/HT213444
HT213445 https://support.apple.com/en-us/HT213445
HT213446 https://support.apple.com/en-us/HT213446
HT213486 https://support.apple.com/en-us/HT213486
HT213487 https://support.apple.com/en-us/HT213487
HT213488 https://support.apple.com/en-us/HT213488
RHSA-2023:2256 https://access.redhat.com/errata/RHSA-2023:2256
RHSA-2023:2834 https://access.redhat.com/errata/RHSA-2023:2834
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-5730-1 https://usn.ubuntu.com/5730-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32888.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32888
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-32
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://security.gentoo.org/glsa/202305-32
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213443
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213443
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213444
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213444
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213445
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213446
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213486
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213486
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213487
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213487
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213488
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at https://support.apple.com/en-us/HT213488
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2022/11/04/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-05T15:00:30Z/ Found at http://www.openwall.com/lists/oss-security/2022/11/04/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.60772
EPSS Score 0.00415
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:53.160747+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5730-1/ 37.0.0