CyberSec.Space Logo
Back to CVE Browser

CVE-2017-2519

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile16.01th
PublishedMay 22, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.

Affected Platforms (CPE)

πŸ’»
Apple

Iphone Os

< 10.3.2
πŸ’»
Apple

Mac Os X

< 10.12.5
πŸ’»
Apple

Tvos

< 10.2.1
πŸ’»
Apple

Watchos

< 3.2.2
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/98468
πŸ”— http://www.securitytracker.com/id/1038484
πŸ”— https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
πŸ”— https://support.apple.com/HT207797
πŸ”— https://support.apple.com/HT207798
πŸ”— https://support.apple.com/HT207800
πŸ”— https://support.apple.com/HT207801
πŸ”— https://usn.ubuntu.com/4019-1/

Related Vulnerabilities

CVE-2009-220410.0

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitr...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...