7.8

CVE-2020-9961

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiCloud SwPlatformwindows Version < 11.5
AppleiTunes SwPlatformwindows Version < 12.10.9
AppleiPadOS Version < 14.0
AppleiPhone OS Version < 14.0
ApplemacOS X Version >= 10.13 < 10.13.6
ApplemacOS X Version >= 10.14 < 10.14.6
ApplemacOS X Version >= 10.15 < 10.15.7
ApplemacOS X Version10.13.6 Update-
ApplemacOS X Version10.13.6 Updatesecurity_update_2018-002
ApplemacOS X Version10.13.6 Updatesecurity_update_2018-003
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-001
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-002
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-003
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-007
ApplemacOS X Version10.13.6 Updatesecurity_update_2020-001
ApplemacOS X Version10.13.6 Updatesecurity_update_2020-002
ApplemacOS X Version10.13.6 Updatesecurity_update_2020-003
ApplemacOS X Version10.13.6 Updatesecurity_update_2020-004
ApplemacOS X Version10.14.6 Update-
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-003
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-004
AppletvOS Version < 14.0
ApplewatchOS Version < 7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.53% 0.714
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2020/Nov/20
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT211850
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Nov/19
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Nov/22
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT211843
Vendor Advisory
https://support.apple.com/kb/HT211844
Vendor Advisory
https://support.apple.com/kb/HT211935
Vendor Advisory
https://support.apple.com/kb/HT211952
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Nov/21
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT211849
Vendor Advisory
Release Notes