cvelistv5 - cve-2021-1744

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT212146	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212147	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212148	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212149	Release Notes, Vendor Advisory

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	macOS
	Apple	macOS
	Apple	macOS

ghsa-pfvx-gwp8-9rx2

Vulnerability from github

Published

2022-05-24 17:46

Modified

2022-05-24 17:46

Details

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-02T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",
  "id": "GHSA-pfvx-gwp8-9rx2",
  "modified": "2022-05-24T17:46:16Z",
  "published": "2022-05-24T17:46:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1744"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212146"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212148"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-202104-0625

Vulnerability from variot

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. A security vulnerability exists in Apple ImageIO that could allow a remote attacker to compromise a vulnerable system. The following products and versions are affected: macOS: 10.15, 10.15 SU1, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.4 SU1, 10.15.5, 10.15.5 SU1, 10.15.6, 10.15. 6 SU1, 10.15.7, 10.15.7 SU1, 11.0, 11.0.1, 11.1. Information about the security content is also available at https://support.apple.com/HT212147. CVE-2021-1761: Cees Elzinga

APFS Available for: macOS Big Sur 11.0.1 Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann

CFNetwork Cache Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team

CoreAnimation Available for: macOS Big Sur 11.0.1 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team

CoreAudio Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Crash Reporter Available for: macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga

Crash Reporter Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security

Directory Utility Available for: macOS Catalina 10.15.7 Impact: A malicious application may be able to access private information Description: A logic issue was addressed with improved state management. CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing

Endpoint Security Available for: macOS Catalina 10.15.7 Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center

FairPlay Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

FontParser Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro

FontParser Available for: macOS Mojave 10.14.6 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab

FontParser Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light- Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1766: Danny Rosseau of Carve Systems

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1738: Lei Sun CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab

IOKit Available for: macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A logic error in kext loading was addressed with improved state handling. CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security

IOSkywalkFamily Available for: macOS Big Sur 11.0.1 Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas

Kernel Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kernel Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher

Kernel Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr

Login Window Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: An attacker in a privileged network position may be able to bypass authentication policy Description: An authentication issue was addressed with improved state management. CVE-2020-29633: Jewel Lambert of Original Spin, LLC. CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)

Model I/O Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro

Model I/O Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted file may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative

Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative

NetFSFramework Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-25709

Power Management Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan

Screen Sharing Available for: macOS Big Sur 11.0.1 Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155

SQLite Available for: macOS Catalina 10.15.7 Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358

Swift Available for: macOS Big Sur 11.0.1 Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs

WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills)

WebKit Available for: macOS Big Sur 11.0.1 Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1765: Eliya Stein of Confiant CVE-2021-1801: Eliya Stein of Confiant

WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team

WebKit Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher

WebRTC Available for: macOS Big Sur 11.0.1 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar

Additional recognition

Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.

libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.

Login Window We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance.

Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance.

Screen Sharing Server We would like to acknowledge @gorelics for their assistance.

WebRTC We would like to acknowledge Philipp Hancke for their assistance.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6 jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2 X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc 3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL 2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC 3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA= =mUkG -----END PGP SIGNATURE-----

. CVE-2021-1782: an anonymous researcher

Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021

Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0625",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2021-1744",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-376404",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-1744",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1744",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-118",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-376404",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1744",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. A security vulnerability exists in Apple ImageIO that could allow a remote attacker to compromise a vulnerable system. The following products and versions are affected: macOS: 10.15, 10.15 SU1, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.4 SU1, 10.15.5, 10.15.5 SU1, 10.15.6, 10.15. 6 SU1, 10.15.7, 10.15.7 SU1, 11.0, 11.0.1, 11.1. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212147. \nCVE-2021-1761: Cees Elzinga\n\nAPFS\nAvailable for: macOS Big Sur 11.0.1\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nCFNetwork Cache\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team\n\nCoreAnimation\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\nCoreAudio\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nCoreText\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nCoreText\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1792: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nCrash Reporter\nAvailable for: macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1761: Cees Elzinga\n\nCrash Reporter\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: A local attacker may be able to elevate their privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\n\nDirectory Utility\nAvailable for: macOS Catalina 10.15.7\nImpact: A malicious application may be able to access private\ninformation\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27937: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEndpoint Security\nAvailable for: macOS Catalina 10.15.7\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response\nCenter\n\nFairPlay\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun \u0026 Mickey Jin of Trend\nMicro working with Trend Micro\u2019s Zero Day Initiative\n\nFontParser\nAvailable for: macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted font may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave 10.14.6\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\nFontParser\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1743: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative, Xingwei Lin of Ant Security Light-\nYear Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An out-of-bounds read issue existed in the curl. \nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1766: Danny Rosseau of Carve Systems\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1746: Mickey Jin \u0026 Qi Sun of Trend Micro, Xingwei Lin of Ant\nSecurity Light-Year Lab\nCVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1738: Lei Sun\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\nIOKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A logic error in kext loading was addressed with\nimproved state handling. \nCVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security\n\nIOSkywalkFamily\nAvailable for: macOS Big Sur 11.0.1\nImpact: A local attacker may be able to elevate their privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,\nProteas\n\nKernel\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur 11.0.1\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A use after free issue was addressed with improved\nmemory management. \nApple is aware of a report that this issue may have been actively\nexploited. \nCVE-2021-1782: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1750: @0xalsr\n\nLogin Window\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: An attacker in a privileged network position may be able to\nbypass authentication policy\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2020-29633: Jewel Lambert of Original Spin, LLC. \nCVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1762: Mickey Jin of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1767: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1745: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro\u2019s\nZero Day Initiative\n\nModel I/O\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1768: Mickey Jin \u0026 Junzhi Lu of Trend Micro working with\nTrend Micro\u2019s Zero Day Initiative\n\nNetFSFramework\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and\nmacOS Mojave 10.14.6\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-25709\n\nPower Management\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\nScreen Sharing\nAvailable for: macOS Big Sur 11.0.1\nImpact: Multiple issues in pcre\nDescription: Multiple issues were addressed by updating to version\n8.44. \nCVE-2019-20838\nCVE-2020-14155\n\nSQLite\nAvailable for: macOS Catalina 10.15.7\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\n\nSwift\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1788: Francisco Alonso (@revskills)\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2021-1765: Eliya Stein of Confiant\nCVE-2021-1801: Eliya Stein of Confiant\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\nWebKit\nAvailable for: macOS Big Sur 11.0.1\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. Apple is aware of a report that this issue may have been\nactively exploited. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nWebRTC\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A port redirection issue was addressed with additional\nport validation. \nCVE-2021-1799: Gregory Vishnepolsky \u0026 Ben Seri of Armis Security, and\nSamy Kamkar\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin \u0026 Jesse\nChange of Trend Micro for their assistance. \n\nlibpthread\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \n\nLogin Window\nWe would like to acknowledge Jose Moises Romero-Villanueva of\nCrySolve for their assistance. \n\nMail Drafts\nWe would like to acknowledge Jon Bottarini of HackerOne for their\nassistance. \n\nScreen Sharing Server\nWe would like to acknowledge @gorelics for their assistance. \n\nWebRTC\nWe would like to acknowledge Philipp Hancke for their assistance. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6\njjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc\nD9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi\nGGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2\nX0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc\n3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr\noGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk\nodYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek\nbBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL\n2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC\n3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M\niqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=\n=mUkG\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2021-1782: an anonymous researcher\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A privacy issue existed in the handling of Contact\ncards. \nCVE-2021-1753: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nPhone Keypad\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: A lock screen issue allowed access to contacts on a\nlocked device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      }
    ],
    "trust": 1.44
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-376404",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1744",
        "trust": 2.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161245",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0354",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161248",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161246",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161247",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-376404",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "id": "VAR-202104-0625",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:55.438000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple ImageIO Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140667"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212146"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212147"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212148"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212149"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1744"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0354/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1757"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1743"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1758"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1750"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1746"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1747"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1741"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1760"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1766"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1769"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1761"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1748"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1764"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1773"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1776"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1778"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1772"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1785"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1786"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1792"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1753"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1745"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1759"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2021/feb/17"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1793"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212148."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1742"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27945"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212147."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29633"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1754"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29614"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212146."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1763"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212149."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "date": "2021-02-02T16:09:50",
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "date": "2021-02-02T16:06:51",
        "db": "PACKETSTORM",
        "id": "161245"
      },
      {
        "date": "2021-02-02T16:08:18",
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "date": "2021-02-02T16:08:52",
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "date": "2021-04-02T18:15:19.357000",
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376404"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1744"
      },
      {
        "date": "2021-04-12T13:55:37.397000",
        "db": "NVD",
        "id": "CVE-2021-1744"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple ImageIO Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-118"
      }
    ],
    "trust": 0.6
  }
}

gsd-2021-1744

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Aliases

CVE-2021-1744

Aliases

CVE-2021-1744

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1744",
    "description": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",
    "id": "GSD-2021-1744"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1744"
      ],
      "details": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",
      "id": "GSD-2021-1744",
      "modified": "2023-12-13T01:23:22.721299Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-1744",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212147",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212147"
          },
          {
            "name": "https://support.apple.com/en-us/HT212146",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212146"
          },
          {
            "name": "https://support.apple.com/en-us/HT212148",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212148"
          },
          {
            "name": "https://support.apple.com/en-us/HT212149",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212149"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-1744"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212146",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212146"
            },
            {
              "name": "https://support.apple.com/en-us/HT212149",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212149"
            },
            {
              "name": "https://support.apple.com/en-us/HT212147",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212147"
            },
            {
              "name": "https://support.apple.com/en-us/HT212148",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212148"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-04-12T13:55Z",
      "publishedDate": "2021-04-02T18:15Z"
    }
  }
}

Action not permitted

cve-2021-1744

Vulnerability from cvelistv5

ghsa-pfvx-gwp8-9rx2

Vulnerability from github

var-202104-0625

Vulnerability from variot

gsd-2021-1744

Vulnerability from gsd

Tags