CVE-2021-30860
Apple Multiple Products Integer Overflow Vulnerability
Public Exploits: 2
Exploited in Wild: Yes
Descriptions
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.
Timeline
- 2021-04-13 CVE Reserved
- 2021-08-24 CVE Published
- 2021-09-21 First Exploit
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-05-09 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-190: Integer Overflow or Wraparound
References (17)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2021/Sep/25 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/26 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/27 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/28 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/38 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/39 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/40 | Mailing List | |
http://seclists.org/fulldisclosure/2021/Sep/50 | Mailing List | |
http://www.openwall.com/lists/oss-security/2022/09/02/11 | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/jeffssh/CVE-2021-30860 | 2024-03-30 | |
https://github.com/Levilutz/CVE-2021-30860 | 2021-09-21 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202209-21 | 2024-02-02 | |
https://support.apple.com/en-us/HT212804 | 2024-02-02 | |
https://support.apple.com/en-us/HT212805 | 2024-02-02 | |
https://support.apple.com/en-us/HT212806 | 2024-02-02 | |
https://support.apple.com/en-us/HT212807 | 2024-02-02 | |
https://support.apple.com/kb/HT212824 | 2024-02-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Ipados | < 14.8 | - | Affected |
Apple | Iphone Os | < 12.5.5 | - | Affected |
Apple | Iphone Os | >= 13.0 < 14.8 | - | Affected |
Apple | Mac Os X | >= 10.15 < 10.15.7 | - | Affected |
Apple | Mac Os X | 10.15.7 | - | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2020 | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2020-001 | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2021-001 | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2021-002 | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2021-003 | Affected |
Apple | Mac Os X | 10.15.7 | security_update_2021-004 | Affected |
Apple | Macos | < 11.6 | - | Affected |
Apple | Watchos | < 7.6.2 | - | Affected |
Xpdfreader | Xpdf | < 4.04 | - | Affected |
Freedesktop | Poppler | < 22.09.0 | - | Affected |