← Back

CVE-2020-3826

nvd nist
Published: Feb 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution.

Affected (7)

Apple
7 products
Icloud
Ipados
Iphone Os
Itunes
Mac Os X
Tvos
Watchos
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Icloud
Before 11.0
Ipados
Before 13.3.1
Iphone Os
Before 13.3.1
Itunes
Before 12.10.4
Mac Os X
Before 10.15.3
Tvos
Before 13.3.1
Watchos
Before 6.1.2

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.