CVE-2026-20657
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
CWE
- CWE-119 — CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125 — CWE-125 Out-of-bounds Read
- CWE-787 — CWE-787 Out-of-bounds Write
Affected
- Apple / iOS and iPadOS — v=0 <18.7.7 [affected]
- Apple / macOS — v=0 <14.8.5 [affected]; v=0 <15.7.5 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/126793
- https://support.apple.com/en-us/126795
- https://support.apple.com/en-us/126796
Source
cvelistV5-main/cves/2026/20xxx/CVE-2026-20657.json