CVE-2021-30860

Опубликовано: 24 авг. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Высокий

Описание

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Ссылки

http://seclists.org/fulldisclosure/2021/Sep/25
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/26
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/27
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/50
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/09/02/11
Mailing List
https://security.gentoo.org/glsa/202209-21
Third Party Advisory
https://support.apple.com/en-us/HT212804
Vendor Advisory
https://support.apple.com/en-us/HT212805
Vendor Advisory
https://support.apple.com/en-us/HT212806
Vendor Advisory
https://support.apple.com/en-us/HT212807
Vendor Advisory
https://support.apple.com/kb/HT212824
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Sep/25
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/26
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/27
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 14.8 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 12.5.5 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 14.8 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.15 (включая) до 10.15.7 (исключая)

cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 11.6 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 7.6.2 (исключая)

Конфигурация 2

cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

Версия до 4.04 (исключая)

Конфигурация 3

cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*

Версия до 22.09.0 (исключая)

EPSS

Процентиль: 99%

0.72863

Высокий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

BDU:2021-05087

CVSS3: 8.8

fstec

больше 4 лет назад

Уязвимость операционных систем iPadOS, watchOS, iOS, Mac OS, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

BDU:2022-05310

CVSS3: 9.8