cve-2021-30917
Vulnerability from cvelistv5
Published
2021-08-24 18:50
Modified
2024-08-03 22:48
Severity ?
EPSS score ?
Summary
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:48:13.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212869" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212871" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212872" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212867" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212874" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212876" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "15.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2021", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "8.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted image may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-24T18:06:10", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212869" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212871" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212872" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212867" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212868" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212874" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212876" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30917", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.1" } ] } }, { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "14.8" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.0" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2021" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.1" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.1" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted image may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT212869", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212869" }, { "name": "https://support.apple.com/en-us/HT212871", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212871" }, { "name": "https://support.apple.com/en-us/HT212872", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212872" }, { "name": "https://support.apple.com/en-us/HT212867", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212867" }, { "name": "https://support.apple.com/en-us/HT212868", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212868" }, { "name": "https://support.apple.com/en-us/HT212874", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212874" }, { "name": "https://support.apple.com/en-us/HT212876", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212876" }, { "name": "http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30917", "datePublished": "2021-08-24T18:50:20", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2024-08-03T22:48:13.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-30917\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-08-24T19:15:19.343\",\"lastModified\":\"2023-11-07T03:33:51.020\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema de corrupci\u00f3n de memoria en el procesamiento de perfiles ICC. Este problema se abord\u00f3 con una comprobaci\u00f3n de la entrada mejorada. Este problema se corrigi\u00f3 en iOS versi\u00f3n 15.1 y iPadOS versi\u00f3n 15.1, macOS Monterey versi\u00f3n 12.0.1, iOS versi\u00f3n 14.8.1 y iPadOS versi\u00f3n 14.8.1, tvOS versi\u00f3n 15.1, watchOS versi\u00f3n 8.1, Security Update 2021-007 Catalina, macOS Big Sur versi\u00f3n 11.6.1. El procesamiento de una imagen maliciosamente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.8.1\",\"matchCriteriaId\":\"A9DB9916-6DA1-4A32-86A2-AD8DC5246709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6361C54F-4F5D-4624-8A1F-69DBC6AD4A69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.8.1\",\"matchCriteriaId\":\"54888682-EF77-4F2A-B07F-AA86B0C65717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A332DEC8-FB74-404E-BE6A-46DB0DEDAA59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.7\",\"matchCriteriaId\":\"EF8C1CB5-DACB-449C-9E07-E477142C589F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F441A43-1669-478D-9EC8-E96882DE4F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D425C653-37A2-448C-BF2F-B684ADB08A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54D63B7-B92B-47C3-B1C5-9892E5873A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"3456176F-9185-4EE2-A8CE-3D989D674AB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"D337EE21-2F00-484D-9285-F2B0248D7A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"012052B5-9AA7-4FD3-9C80-5F615330039D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C795B9-E58D-467C-83A8-2D45C792292F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.6.1\",\"matchCriteriaId\":\"3ADD7C81-7CB2-4505-ACA0-9EC193E347D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1974DC5F-8F37-4582-B597-E58C94189193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1\",\"matchCriteriaId\":\"9A76BB8B-613D-46B7-80F8-83B6EF76F344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.1\",\"matchCriteriaId\":\"A82F66E5-A6BF-4D7A-8DCA-DD4C35723936\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212867\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212868\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212869\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212871\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212872\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212874\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212876\",\"source\":\"product-security@apple.com\"}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.