CVE-2016-1859

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: May 20, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1859
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	9.3.2
apple / tvos	-	9.2.1
apple / safari	-	9.1.1
webkitgtk / webkitgtk+	-	2.12.1

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
http://lists.apple.com/archives/security-announce/2016/May/msg00005.html
http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html
http://www.securityfocus.com/archive/1/538522/100/0/threaded
http://www.securitytracker.com/id/1035888
http://www.zerodayinitiative.com/advisories/ZDI-16-352
https://support.apple.com/HT206564
https://support.apple.com/HT206565
https://support.apple.com/HT206568

Vulnerability Database

289,697

CVE-2016-1859