cve/2022/CVE-2022-22666.md

### [CVE-2022-22666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22666)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2015.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%208.5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20a%20maliciously%20crafted%20image%20may%20lead%20to%20heap%20corruption&color=brighgreen)

### Description

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.

### POC

#### Reference
- http://packetstormsecurity.com/files/167144/AppleVideoDecoder-CreateHeaderBuffer-Out-Of-Bounds-Free.html

#### Github
- https://github.com/ARPSyndicate/cvemon