ID

VAR-201702-0221


CVE

CVE-2016-7622


TITLE

Arbitrary code execution vulnerability in the Grapher component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2016-007397

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition.

Trust: 1.98

sources: NVD: CVE-2016-7622 // JVNDB: JVNDB-2016-007397 // BID: 94903 // VULHUB: VHN-96442

AFFECTED PRODUCTS

vendor: apple | model: mac os x | scope: eq | version: 10.12.1

Trust: 1.4

vendor: apple | model: mac os x | scope: lte | version: 10.12.1

Trust: 1.0

vendor: apple | model: macos | scope: eq | version: 10.12.1

Trust: 0.3

vendor: apple | model: macos | scope: ne | version: 10.12.2

Trust: 0.3

sources: BID: 94903 // JVNDB: JVNDB-2016-007397 // CNNVD: CNNVD-201612-495 // NVD: CVE-2016-7622

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-7622
value: HIGH

Trust: 1.0

NVD: CVE-2016-7622
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201612-495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96442
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-7622
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96442
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-7622
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96442 // JVNDB: JVNDB-2016-007397 // CNNVD: CNNVD-201612-495 // NVD: CVE-2016-7622

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-96442 // JVNDB: JVNDB-2016-007397 // NVD: CVE-2016-7622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-495

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201612-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007397

PATCH

title: Apple security updates | url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-12-13-1 macOS 10.12.2 | url: https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html

Trust: 0.8

title: HT207423 | url: https://support.apple.com/en-us/HT207423

Trust: 0.8

title: HT207423 | url: https://support.apple.com/ja-jp/HT207423

Trust: 0.8

title: Apple macOS Sierra Grapher Fixes for component security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66529

Trust: 0.6

sources: JVNDB: JVNDB-2016-007397 // CNNVD: CNNVD-201612-495

EXTERNAL IDS

db: NVD | id: CVE-2016-7622

Trust: 2.8

db: BID | id: 94903

Trust: 2.0

db: SECTRACK | id: 1037469

Trust: 1.1

db: JVN | id: JVNVU97133642

Trust: 0.8

db: JVNDB | id: JVNDB-2016-007397

Trust: 0.8

db: CNNVD | id: CNNVD-201612-495

Trust: 0.7

db: VULHUB | id: VHN-96442

Trust: 0.1

sources: VULHUB: VHN-96442 // BID: 94903 // JVNDB: JVNDB-2016-007397 // CNNVD: CNNVD-201612-495 // NVD: CVE-2016-7622

REFERENCES

url:http://www.securityfocus.com/bid/94903

Trust: 1.7

url:https://support.apple.com/ht207423

Trust: 1.7

url:http://www.securitytracker.com/id/1037469

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7622

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97133642/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7622

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-96442 // BID: 94903 // JVNDB: JVNDB-2016-007397 // CNNVD: CNNVD-201612-495 // NVD: CVE-2016-7622

CREDITS

daybreaker@Minionz working with Trend Micro's Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro's Zero Day In

Trust: 0.6

sources: CNNVD: CNNVD-201612-495

SOURCES

db: VULHUB | id: VHN-96442
db: BID | id: 94903
db: JVNDB | id: JVNDB-2016-007397
db: CNNVD | id: CNNVD-201612-495
db: NVD | id: CVE-2016-7622

LAST UPDATE DATE

2025-04-20T21:40:26.774000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-96442 | date: 2017-07-27T00:00:00
db: BID | id: 94903 | date: 2016-12-20T00:09:00
db: JVNDB | id: JVNDB-2016-007397 | date: 2017-02-28T00:00:00
db: CNNVD | id: CNNVD-201612-495 | date: 2017-02-28T00:00:00
db: NVD | id: CVE-2016-7622 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB | id: VHN-96442 | date: 2017-02-20T00:00:00
db: BID | id: 94903 | date: 2016-12-13T00:00:00
db: JVNDB | id: JVNDB-2016-007397 | date: 2017-02-28T00:00:00
db: CNNVD | id: CNNVD-201612-495 | date: 2016-12-15T00:00:00
db: NVD | id: CVE-2016-7622 | date: 2017-02-20T08:59:02.853