CVE-2017-7013

Published: Jul 20, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.

Affected (6)

Products: Apple: Icloud, Itunes, Iphone Os, Mac Os X, Tvos, Watchos

6 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Icloud	Up to 6.2.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Itunes	Up to 12.6.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 10.3.2
Apple Mac Os X	Up to 10.12.5
Apple Tvos	Up to 10.2.1
Apple Watchos	Up to 3.2.2

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (16)

http://www.securityfocus.com/bid/99879

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038950

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/HT207922

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207923

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207924

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207925

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207927

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207928

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/99879

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.apple.com/HT207922

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207923

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207924

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207925

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207927

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207928

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.