CVE-2021-30785

Published: Sep 8, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.

Affected (14)

Products: Apple: Iphone Os, Mac Os X, Macos, Tvos, Watchos

5 products

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 14.7
Apple Mac Os X	From 10.15 to 10.15.6
Apple Mac Os X	Version 10.15.7
Apple Mac Os X	Version 10.15.7 security_update_2020-001
Apple Mac Os X	Version 10.15.7 security_update_2020-005
Apple Mac Os X	Version 10.15.7 security_update_2020-007
Apple Mac Os X	Version 10.15.7 security_update_2020
Apple Mac Os X	Version 10.15.7 security_update_2021-001
Apple Mac Os X	Version 10.15.7 security_update_2021-002
Apple Mac Os X	Version 10.15.7 security_update_2021-003
Apple Mac Os X	Version 10.15.7 supplemental_update
Apple Macos	Before 11.5
Apple Tvos	Before 14.7
Apple Watchos	Before 7.6

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (12)

https://support.apple.com/en-us/HT212600

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212601

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212602

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212604

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212605

Source: product-security@apple.com

Release NotesVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-353/

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/en-us/HT212600

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212601

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212602

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212604

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212605

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-353/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.