{"api_version":"1","generated_at":"2026-04-23T04:34:14+00:00","cve":"CVE-2023-35074","urls":{"html":"https://cve.report/CVE-2023-35074","api":"https://cve.report/api/cve/CVE-2023-35074.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-35074","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-35074"},"summary":{"title":"CVE-2023-35074","description":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2023-09-27 15:18:00","updated_at":"2024-01-31 15:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","name":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-2 macOS Sonoma 14","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-33","name":"https://security.gentoo.org/glsa/202401-33","refsource":"","tags":[],"title":"WebKitGTK+: Multiple Vulnerabilities (GLSA 202401-33) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/2","name":"http://seclists.org/fulldisclosure/2023/Oct/2","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-1 Safari 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","name":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-9 tvOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: webkitgtk-2.42.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","name":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-8 watchOS 10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213937","name":"https://support.apple.com/en-us/HT213937","refsource":"MISC","tags":[],"title":"About the security content of watchOS 10 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213936","name":"https://support.apple.com/en-us/HT213936","refsource":"MISC","tags":[],"title":"About the security content of tvOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213938","name":"https://support.apple.com/en-us/HT213938","refsource":"MISC","tags":[],"title":"About the security content of iOS 17 and iPadOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","name":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213940","name":"https://support.apple.com/en-us/HT213940","refsource":"MISC","tags":[],"title":"About the security content of macOS Sonoma 14 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213941","name":"https://support.apple.com/en-us/HT213941","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-35074","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35074","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-35074","qid":"284627","title":"Fedora Security Update for webkitgtk (FEDORA-2023-1536766e9f)"},{"cve":"CVE-2023-35074","qid":"357018","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2427"},{"cve":"CVE-2023-35074","qid":"378902","title":"Apple Safari Multiple Vulnerabilities (HT213941)"},{"cve":"CVE-2023-35074","qid":"610525","title":"Apple iOS 17 and iPadOS 17 Security Update Missing (HT213938)"},{"cve":"CVE-2023-35074","qid":"710848","title":"Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-33)"},{"cve":"CVE-2023-35074","qid":"755164","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4211-1)"},{"cve":"CVE-2023-35074","qid":"755166","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4209-1)"},{"cve":"CVE-2023-35074","qid":"755202","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4294-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-35074","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing web content may lead to arbitrary code execution"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"14"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"10"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.apple.com/en-us/HT213938","refsource":"MISC","name":"https://support.apple.com/en-us/HT213938"},{"url":"https://support.apple.com/en-us/HT213936","refsource":"MISC","name":"https://support.apple.com/en-us/HT213936"},{"url":"https://support.apple.com/en-us/HT213941","refsource":"MISC","name":"https://support.apple.com/en-us/HT213941"},{"url":"https://support.apple.com/en-us/HT213940","refsource":"MISC","name":"https://support.apple.com/en-us/HT213940"},{"url":"https://support.apple.com/en-us/HT213937","refsource":"MISC","name":"https://support.apple.com/en-us/HT213937"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/2","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/2"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/10"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/8"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/9"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/3"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"}]}},"nvd":{"publishedDate":"2023-09-27 15:18:00","lastModifiedDate":"2024-01-31 15:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}