CVE-2025-43400 | THREATINT

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-29 | Updated 2025-11-04 | Assigner apple

Problem types

Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory

Product status

Any version before 26.1

affected

Any version before 26.1

affected

References

seclists.org/fulldisclosure/2025/Sep/78

seclists.org/fulldisclosure/2025/Sep/73

seclists.org/fulldisclosure/2025/Sep/76

support.apple.com/en-us/125637

support.apple.com/en-us/125639

cve.org (CVE-2025-43400)

nvd.nist.gov (CVE-2025-43400)

Download JSON