7.8

CVE-2021-30942

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 15.2
AppleiPhone OS Version < 15.2
ApplemacOS X Version >= 10.15 < 10.15.7
ApplemacOS X Version10.15.7 Update-
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-003
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-004
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-005
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-006
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-007
ApplemacOS Version >= 11.0 < 11.6.2
ApplemacOS Version >= 12.0 < 12.1
AppletvOS Version < 15.2
ApplewatchOS Version < 8.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.33% 0.548
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.