CVE-2021-30860

Warnung

EPSS 72.86%
Veröffentlicht 24.08.2021 19:15:14
Zuletzt bearbeitet 27.10.2025 17:38:22
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 14.8

Apple ≫ iPhone OS Version < 12.5.5

Apple ≫ iPhone OS Version >= 13.0 < 14.8

Apple ≫ macOS X Version >= 10.15 < 10.15.7

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS Version < 11.6

Apple ≫ watchOS Version < 7.6.2

Xpdfreader ≫ Xpdf Version < 4.04

Freedesktop ≫ Poppler Version < 22.09.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Integer Overflow Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.86%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://seclists.org/fulldisclosure/2021/Sep/38

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2021/Sep/39

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2021/Sep/40

Third Party Advisory

Mailing List

https://support.apple.com/en-us/HT212807

Vendor Advisory

https://support.apple.com/en-us/HT212804