var-202104-0648
Vulnerability from variot

An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. Apple ImageIO is a necessary component for parsing and writing image data in IOS mobile devices of Apple Corporation in the United States. There is a resource management error vulnerability in Apple ImageIO. The vulnerability originates from the boundary condition when processing image files in the curl implementation in the ImageIO component of macOS. A remote attacker could create a specially crafted file that tricks the victim into opening it, triggering an out-of-bounds read error and crashing the system. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an access issue in the ImageIO component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-02-01-3 Additional information for APPLE-SA-2021-01-26-2 tvOS 14.4

tvOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212149.

Analytics Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Entry added February 1, 2021

APFS Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Entry added February 1, 2021

CoreAnimation Available for: Apple TV 4K and Apple TV HD Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021

CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab Entry added February 1, 2021

CoreGraphics Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero Entry added February 1, 2021

CoreMedia Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Entry added February 1, 2021

CoreText Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro Entry added February 1, 2021

CoreText Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to create or modify system files Description: A logic issue was addressed with improved state management. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021

Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1787: James Hutchins Entry added February 1, 2021

FairPlay Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro Entry added February 1, 2021

FontParser Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2021-1766: Danny Rosseau of Carve Systems Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

IOSkywalkFamily Available for: Apple TV 4K and Apple TV HD Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Entry added February 1, 2021

iTunes Store Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021

Kernel Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. CVE-2021-1764: Maxime Villard (m00nbsd) Entry added February 1, 2021

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Entry added February 1, 2021

Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher

Swift Available for: Apple TV 4K and Apple TV HD Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) Entry added February 1, 2021

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1801: Eliya Stein of Confiant Entry added February 1, 2021

WebRTC Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Entry added February 1, 2021

Additional recognition

iTunes Store We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021

Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Entry added February 1, 2021

libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021

Store Demo We would like to acknowledge @08Tc3wBB for their assistance. Entry added February 1, 2021

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6 jjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7 xWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75 tPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM ZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV R1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF xz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag 2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3 tssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+ i+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0 WKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w ftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0648",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "versionStartIncluding": "10.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-1783",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-376443",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1783",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-083",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-376443",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. Apple ImageIO is a necessary component for parsing and writing image data in IOS mobile devices of Apple Corporation in the United States. There is a resource management error vulnerability in Apple ImageIO. The vulnerability originates from the boundary condition when processing image files in the curl implementation in the ImageIO component of macOS. A remote attacker could create a specially crafted file that tricks the victim into opening it, triggering an out-of-bounds read error and crashing the system. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an access issue in the ImageIO component. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-02-01-3 Additional information for\nAPPLE-SA-2021-01-26-2 tvOS 14.4\n\ntvOS 14.4 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT212149. \n\nAnalytics\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1761: Cees Elzinga\nEntry added February 1, 2021\n\nAPFS\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\nEntry added February 1, 2021\n\nCoreAnimation\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nCoreGraphics\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1776: Ivan Fratric of Google Project Zero\nEntry added February 1, 2021\n\nCoreMedia\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\nEntry added February 1, 2021\n\nCoreText\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-1772: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nCoreText\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1792: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to create or modify system files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local attacker may be able to elevate their privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1787: James Hutchins\nEntry added February 1, 2021\n\nFairPlay\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun \u0026 Mickey Jin of Trend\nMicro\nEntry added February 1, 2021\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1758: Peter Nguyen of STAR Labs\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1766: Danny Rosseau of Carve Systems\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Qi Sun of Trend Micro\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An out-of-bounds read issue existed in the curl. \nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nIOSkywalkFamily\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local attacker may be able to elevate their privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba\nSecurity\nEntry added February 1, 2021\n\niTunes Store\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted URL may lead to arbitrary\njavascript code execution\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1764: Maxime Villard (m00nbsd)\nEntry added February 1, 2021\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1750: @0xalsr\nEntry added February 1, 2021\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to elevate privileges. \nApple is aware of a report that this issue may have been actively\nexploited. \nCVE-2021-1782: an anonymous researcher\n\nSwift\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1788: Francisco Alonso (@revskills)\nEntry added February 1, 2021\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2021-1801: Eliya Stein of Confiant\nEntry added February 1, 2021\n\nWebRTC\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A port redirection issue was addressed with additional\nport validation. \nCVE-2021-1799: Gregory Vishnepolsky \u0026 Ben Seri of Armis Security, and\nSamy Kamkar\nEntry added February 1, 2021\n\nAdditional recognition\n\niTunes Store\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nKernel\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin \u0026 Jesse\nChange of Trend Micro for their assistance. \nEntry added February 1, 2021\n\nlibpthread\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nStore Demo\nWe would like to acknowledge @08Tc3wBB for their assistance. \nEntry added February 1, 2021\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6\njjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7\nxWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75\ntPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM\nZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV\nR1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF\nxz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag\n2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3\ntssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+\ni+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0\nWKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w\nftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-376443",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1783",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "161247",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0354",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161248",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-17223",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-376443",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1783",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "id": "VAR-202104-0648",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:15:46.040000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple ImageIO Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140653"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212146"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212147"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212148"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212149"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1783"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161247/apple-security-advisory-2021-02-01-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0354/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1760"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1766"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1757"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1785"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1769"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1761"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1744"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1748"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1764"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1773"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1776"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1778"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1786"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1772"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1743"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1758"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1792"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1750"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1746"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1747"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1741"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1793"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212148."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1759"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212149."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "date": "2021-02-02T16:09:50",
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "date": "2021-02-02T16:08:52",
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "date": "2021-04-02T18:15:21.437000",
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376443"
      },
      {
        "date": "2021-04-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1783"
      },
      {
        "date": "2021-04-09T18:18:40.853000",
        "db": "NVD",
        "id": "CVE-2021-1783"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple ImageIO Resource Management Error Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-083"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.