This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2009-08-04
Product Garageband Last view 2022-03-18
Version 4.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:apple:garageband

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2022-03-18 CVE-2022-22664

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

7.8 2022-03-18 CVE-2022-22657

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

5.5 2021-09-08 CVE-2021-30654

This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.

7.8 2017-02-20 CVE-2017-2374

An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.

8.8 2017-02-20 CVE-2017-2372

An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.

4.3 2009-08-04 CVE-2009-2198

Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-665 Improper Initialization
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-125 Out-of-bounds Read

Open Source Vulnerability Database (OSVDB)

id Description
56738 Apple GarageBand Safari Cookie Acceptance Policy Reversion Weakness

Snort® IPS/IDS

Date Description
2017-02-01 Apple GarageBand out of bounds write attempt
RuleID : 41448 - Type : FILE-OTHER - Revision : 3
2017-02-01 Apple GarageBand out of bounds write attempt
RuleID : 41447 - Type : FILE-OTHER - Revision : 3
2017-01-19 Apple Garageband .band file out of bounds write attempt
RuleID : 41351 - Type : FILE-OTHER - Revision : 3
2017-01-19 Apple Garageband .band file out of bounds write attempt
RuleID : 41350 - Type : FILE-OTHER - Revision : 3

Nessus® Vulnerability Scanner

id Description
2009-08-04 Name: The remote host has a version of GarageBand that is affected by an informatio...
File: macosx_garageband_5_1.nasl - Type: ACT_GATHER_INFO