7.8

CVE-2021-30860

Warnung
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPadOS Version < 14.8
AppleiPhone OS Version < 12.5.5
AppleiPhone OS Version >= 13.0 < 14.8
ApplemacOS X Version >= 10.15 < 10.15.7
ApplemacOS X Version10.15.7 Update-
ApplemacOS X Version10.15.7 Updatesecurity_update_2020
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-003
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-004
ApplemacOS Version < 11.6
ApplewatchOS Version < 7.6.2
XpdfreaderXpdf Version < 4.04
FreedesktopPoppler Version < 22.09.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Integer Overflow Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 75.99% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://seclists.org/fulldisclosure/2021/Sep/38
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/39
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/40
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT212807
Vendor Advisory
https://support.apple.com/en-us/HT212804
Vendor Advisory
https://support.apple.com/en-us/HT212805
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Sep/25
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/27
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/50
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT212824
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Sep/26
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/28
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/09/02/11
Mailing List
https://security.gentoo.org/glsa/202209-21
Third Party Advisory
https://support.apple.com/en-us/HT212806
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860
US Government Resource