CVE-2017-7013

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.

Published: Jul 20, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7013
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
apple / icloud	-	6.2.1.x
apple / itunes	-	12.6.1.x
apple / iphone_os	-	10.3.2.x
apple / watchos	-	3.2.2.x
apple / mac_os_x	-	10.12.5.x
apple / tvos	-	10.2.1.x

http://www.securityfocus.com/bid/99879
http://www.securitytracker.com/id/1038950
https://support.apple.com/HT207922
https://support.apple.com/HT207923
https://support.apple.com/HT207924
https://support.apple.com/HT207925
https://support.apple.com/HT207927
https://support.apple.com/HT207928

Vulnerability Database

289,784

CVE-2017-7013