Ivan Fratric

**Name of the Vulnerable Software and Affected Versions:** libxslt (affected versions not specified) **Description:** A type confusion issue exists in the libxslt library due to the reuse of the same memory field, `psvi`, for both stylesheet and input data during XML transformations. This can lead to application crashes, memory corruption, denial of service, or unexpected behavior. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 138 Firefox ESR versions prior to 128.10 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10 **Description** A vulnerability was identified where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. **Recommendations** For Firefox versions prior to 138, update to version 138 or later. For Firefox ESR versions prior to 128.10, update to version 128.10 or later. For Thunderbird versions prior to 138, update to version 138 or later. For Thunderbird ESR versions prior to 128.10, update to version 128.10 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 11.5 tvOS versions prior to 18.5 iOS versions prior to 18.5 iPadOS versions prior to 18.5 macOS Sequoia versions prior to 15.5 visionOS versions prior to 2.5 Safari versions prior to 18.5 **Description** The issue allows a malicious website to exfiltrate data cross-origin. This was addressed with improved checks. **Recommendations** For watchOS versions prior to 11.5, update to watchOS 11.5. For tvOS versions prior to 18.5, update to tvOS 18.5. For iOS versions prior to 18.5, update to iOS 18.5. For iPadOS versions prior to 18.5, update to iPadOS 18.5. For macOS Sequoia versions prior to 15.5, update to macOS Sequoia 15.5. For visionOS versions prior to 2.5, update to visionOS 2.5. For Safari versions prior to 18.5, update to Safari 18.5.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 137 Firefox ESR versions prior to 115.22 Firefox ESR versions prior to 128.9 Thunderbird versions prior to 137 Thunderbird versions prior to 128.9 **Description** The issue is related to a use-after-free error in the XSLTProcessor when executing JavaScript code while transforming a document. This could allow a remote attacker to compromise a vulnerable system. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Firefox versions prior to 137, update to version 137 or later. For Firefox ESR versions prior to 115.22, update to version 115.22 or later. For Firefox ESR versions prior to 128.9, update to version 128.9 or later. For Thunderbird versions prior to 137, update to version 137 or later. For Thunderbird versions prior to 128.9, update to version 128.9 or later. As a temporary workaround, consider disabling the XSLTProcessor until a patch is available. Restrict access to the XSLTProcessor to minimize the risk of exploitation. Avoid using the XSLTProcessor in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions 122 through 135 Firefox ESR versions 122 through 128.7 **Description** The issue is related to an inconsistent comparator in xslt/txNodeSorter, potentially leading to out-of-bounds access. **Recommendations** For Firefox versions 122 through 135, update to version 136 or later. For Firefox ESR versions 122 through 128.7, update to version 128.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 115.20 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. The issue arises from the failure to reset the `mCompileResult` in the `txMozillaXSLTProcessor::ImportStylesheet`, resulting in a stale error state that persists, causing subsequent transformations to use freed memory and leading to a use-after-free condition. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 115.20, update to version 115.20 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later. As a temporary workaround, consider disabling the use of XSLT data in affected applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.7.1 macOS Ventura versions prior to 13.7.1 visionOS versions prior to 2.1 watchOS versions prior to 11.1 tvOS versions prior to 18.1 iOS versions prior to 17.7.1 and prior to 18.1 iPadOS versions prior to 17.7.1 and prior to 18.1 **Description** The issue was addressed with improved bounds checks. Parsing a maliciously crafted video file may lead to unexpected system termination. **Recommendations** For macOS Sonoma versions prior to 14.7.1, update to macOS Sonoma 14.7.1. For macOS Ventura versions prior to 13.7.1, update to macOS Ventura 13.7.1. For visionOS versions prior to 2.1, update to visionOS 2.1. For watchOS versions prior to 11.1, update to watchOS 11.1. For tvOS versions prior to 18.1, update to tvOS 18.1. For iOS versions prior to 17.7.1, update to iOS 17.7.1 or later. For iOS versions prior to 18.1, update to iOS 18.1. For iPadOS versions prior to 17.7.1, update to iPadOS 17.7.1 or later. For iPadOS versions prior to 18.1, update to iPadOS 18.1.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.7.1 macOS Ventura versions prior to 13.7.1 visionOS versions prior to 2.1 watchOS versions prior to 11.1 tvOS versions prior to 18.1 iOS versions prior to 17.7.1 and prior to 18.1 iPadOS versions prior to 17.7.1 and prior to 18.1 **Description** The issue was addressed with improved bounds checks. Parsing a maliciously crafted video file may lead to unexpected system termination. **Recommendations** For macOS Sonoma versions prior to 14.7.1, update to macOS Sonoma 14.7.1. For macOS Ventura versions prior to 13.7.1, update to macOS Ventura 13.7.1. For visionOS versions prior to 2.1, update to visionOS 2.1. For watchOS versions prior to 11.1, update to watchOS 11.1. For tvOS versions prior to 18.1, update to tvOS 18.1. For iOS versions prior to 17.7.1, update to iOS 17.7.1 or later. For iOS versions prior to 18.1, update to iOS 18.1. For iPadOS versions prior to 17.7.1, update to iPadOS 17.7.1 or later. For iPadOS versions prior to 18.1, update to iPadOS 18.1.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.7.1 macOS Ventura versions prior to 13.7.1 visionOS versions prior to 2.1 watchOS versions prior to 11.1 tvOS versions prior to 18.1 iOS versions prior to 17.7.1 and prior to 18.1 iPadOS versions prior to 17.7.1 and prior to 18.1 **Description** The issue is related to parsing a maliciously crafted video file, which may lead to unexpected system termination. It was addressed with improved bounds checks. **Recommendations** For macOS Sonoma versions prior to 14.7.1, update to version 14.7.1 or later. For macOS Ventura versions prior to 13.7.1, update to version 13.7.1 or later. For visionOS versions prior to 2.1, update to version 2.1 or later. For watchOS versions prior to 11.1, update to version 11.1 or later. For tvOS versions prior to 18.1, update to version 18.1 or later. For iOS versions prior to 17.7.1 and prior to 18.1, update to version 17.7.1 or 18.1 or later. For iPadOS versions prior to 17.7.1 and prior to 18.1, update to version 17.7.1 or 18.1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleVA component of the macOS operating system, which can lead to arbitrary code execution when processing an image. This is due to improper memory handling. **Recommendations** For versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the processing of images from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.2 **Description** The issue involves multiple memory corruption problems that have been resolved through enhanced input validation. Processing a maliciously crafted file can lead to unexpected application termination or arbitrary code execution. **Recommendations** For macOS Sonoma versions prior to 14.2, update to version 14.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to multiple memory corruption problems that have been addressed through improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability is also associated with a buffer overflow in the AppleGraphicsControl component, which can allow an attacker to execute arbitrary code using a specially crafted file. **Recommendations** For versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious files until the update is applied. Restrict access to untrusted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to multiple memory corruption problems that have been addressed through improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability is also associated with a buffer overflow in the AppleGraphicsControl component, which could allow a remote attacker to execute arbitrary code using a specially crafted file. **Recommendations** For versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious files until the update is applied. Restrict access to untrusted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to multiple memory corruption problems that have been addressed through improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability is also associated with a buffer overflow in the AppleGraphicsControl component, which can allow an attacker to execute arbitrary code using a specially crafted file. **Recommendations** For versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious files until the update is applied. Restrict access to untrusted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleGraphicsControl component of the macOS Sonoma operating system. It may allow an attacker to execute arbitrary code using a specially crafted file. The problem is associated with memory corruption issues, which can be triggered by processing a maliciously crafted file, potentially leading to unexpected app termination or arbitrary code execution. **Recommendations** For macOS Sonoma versions prior to 14.2, update to version 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted files that may trigger the buffer overflow in the AppleGraphicsControl component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleVA component of the macOS operating system, which can lead to unexpected app termination or arbitrary code execution when processing a file. This is due to improper memory handling. **Recommendations** For versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the processing of potentially malicious files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleGraphicsControl component of the macOS operating system. It may allow an attacker to execute arbitrary code using a specially crafted file. The problem is associated with multiple memory corruption issues, which have been addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. **Recommendations** For macOS versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted files that may trigger the buffer overflow in the AppleGraphicsControl component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleGraphicsControl component of the macOS operating system. It may allow an attacker to execute arbitrary code using a specially crafted file. The problem is caused by multiple memory corruption issues, which have been addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. **Recommendations** For macOS versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted files that may trigger the buffer overflow in the AppleGraphicsControl component. Restrict access to untrusted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.2 **Description** The issue is related to a buffer overflow in the AppleGraphicsControl component of the macOS operating system. It may allow an attacker to execute arbitrary code using a specially crafted file. The problem is caused by multiple memory corruption issues, which have been addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. **Recommendations** For macOS versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted files that may trigger the buffer overflow in the AppleGraphicsControl component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.2 **Description** The issue is related to multiple memory corruption problems that have been addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. The vulnerability is also associated with a buffer overflow in the AppleGraphicsControl component, which can allow an attacker to execute arbitrary code using a specially crafted file. **Recommendations** For macOS Sonoma versions prior to 14.2, update to macOS Sonoma 14.2 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious files until the update is applied. Restrict access to untrusted files to minimize the risk of exploitation.