CVE-2020-27931
Vulnerability from cvelistv5
Published
2021-04-02 17:32
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.
References
▼ | URL | Tags | |
---|---|---|---|
product-security@apple.com | https://support.apple.com/en-us/HT211843 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211844 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211850 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211931 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT212011 | Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:25:44.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT211843" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT211850" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT211844" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT211931" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "7.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted font file may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-02T17:32:56", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT211843" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT211850" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT211844" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT211931" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-27931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "14.0" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "7.0" } ] } }, { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "14.0" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.0" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.1" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted font file may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT211843", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211843" }, { "name": "https://support.apple.com/en-us/HT211850", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211850" }, { "name": "https://support.apple.com/en-us/HT211844", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211844" }, { "name": "https://support.apple.com/en-us/HT211931", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931" }, { "name": "https://support.apple.com/en-us/HT212011", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212011" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-27931", "datePublished": "2021-04-02T17:32:56", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:44.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-27931\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-04-02T18:15:15.983\",\"lastModified\":\"2023-01-09T16:41:59.350\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema de corrupci\u00f3n de memoria en un procesamiento de archivos de fuentes.\u0026#xa0;Este problema es abordado con una comprobaci\u00f3n de la entrada mejorada.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 14.0 y iPadOS versi\u00f3n 14.0, macOS Big Sur versi\u00f3n 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.0, tvOS versi\u00f3n 14.0.\u0026#xa0;El procesamiento de un archivo fuente dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.0\",\"matchCriteriaId\":\"21C0E924-5685-42A0-A78C-3330F1D2789D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"10CC9ED4-9AE1-415A-94FF-60CB209506CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.1\",\"matchCriteriaId\":\"5CD08100-FC49-42F0-A226-0E5B523EC027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0\",\"matchCriteriaId\":\"0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"C117BCCF-7789-40BB-AD25-1E712F6DCF7C\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT211843\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211844\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211850\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211931\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212011\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.