Vulnerability Name: CVE-2021-30687 (CCN-202301) Assigned: 2021-05-24 Published: 2021-05-24 Updated: 2021-09-17 Summary: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-125 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2021-30687 apple-macos-cve202130687-info-disc(202301) https://support.apple.com/en-us/HT212528 About the security content of macOS Big Sur 11.4 https://support.apple.com/en-us/HT212529 About the security content of Security Update 2021-003 Catalina https://support.apple.com/en-us/HT212530 https://support.apple.com/en-us/HT212531 https://support.apple.com/en-us/HT212532 https://support.apple.com/en-us/HT212533 Vulnerable Configuration: Configuration 1 :cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.6)OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.6) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14 and <= 10.14.5) OR cpe:/o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and <= 10.15.6) OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.4) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.6) OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.5) Configuration CCN 1 :cpe:/o:apple:macos_catalina:10.15.2:*:*:*:*:*:*:* BACK
apple ipados *
apple iphone os *
apple mac os x *
apple mac os x 10.14.6 -
apple mac os x 10.14.6 security_update_2019-001
apple mac os x 10.14.6 security_update_2019-002
apple mac os x 10.14.6 security_update_2019-004
apple mac os x 10.14.6 security_update_2019-005
apple mac os x 10.14.6 security_update_2019-006
apple mac os x 10.14.6 security_update_2019-007
apple mac os x 10.14.6 security_update_2020-001
apple mac os x 10.14.6 security_update_2020-002
apple mac os x 10.14.6 security_update_2020-003
apple mac os x 10.14.6 security_update_2020-004
apple mac os x 10.14.6 security_update_2020-005
apple mac os x 10.14.6 security_update_2020-006
apple mac os x 10.14.6 security_update_2020-007
apple mac os x 10.14.6 security_update_2021-001
apple mac os x 10.14.6 security_update_2021-002
apple mac os x 10.14.6 security_update_2021-003
apple mac os x 10.14.6 supplemental_update
apple mac os x 10.14.6 supplemental_update_2
apple mac os x *
apple mac os x 10.15.7 -
apple mac os x 10.15.7 security_update_2020
apple mac os x 10.15.7 security_update_2020-001
apple mac os x 10.15.7 security_update_2020-005
apple mac os x 10.15.7 security_update_2020-007
apple mac os x 10.15.7 security_update_2021-001
apple mac os x 10.15.7 security_update_2021-002
apple mac os x 10.15.7 supplemental_update
apple macos *
apple tvos *
apple watchos *
apple macos catalina 10.15.2
Denotes that component is vulnerable