Vulnerability Name: CVE-2021-30785 (CCN-206120) Assigned: 2021-07-21 Published: 2021-07-21 Updated: 2022-02-22 Summary: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2021-30785 apple-macos-cve202130785-bo(206120) About the security content of Security Update 2021-004 Catalina https://support.apple.com/en-us/HT212600 https://support.apple.com/en-us/HT212601 https://support.apple.com/en-us/HT212602 https://support.apple.com/en-us/HT212604 https://support.apple.com/en-us/HT212605 About the security content of iCloud for Windows 12.5 About the security content of iTunes 12.11.4 for Windows Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-353/ Vulnerable Configuration: Configuration 1 :cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.7)OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and <= 10.15.6) OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version < 11.5) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.7) OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.6) Configuration CCN 1 :cpe:/o:apple:macos_catalina:10.15.2:*:*:*:*:*:*:* AND cpe:/a:apple:itunes:12.11.3:*:*:*:*:windows:*:* BACK
apple iphone os *
apple mac os x *
apple mac os x 10.15.7 -
apple mac os x 10.15.7 security_update_2020
apple mac os x 10.15.7 security_update_2020-001
apple mac os x 10.15.7 security_update_2020-005
apple mac os x 10.15.7 security_update_2020-007
apple mac os x 10.15.7 security_update_2021-001
apple mac os x 10.15.7 security_update_2021-002
apple mac os x 10.15.7 security_update_2021-003
apple mac os x 10.15.7 supplemental_update
apple macos *
apple tvos *
apple watchos *
apple macos catalina 10.15.2
apple itunes 12.11.3
Denotes that component is vulnerable