CVE-2020-27933

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow7 documents4 sources
Severity
7.8HIGH
EPSS
0.5%
top 34.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apple IOS AND IpadosApple MacosApple Icloud+5 more
Timeline
PublishedApr 2
Latest updateMay 24

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDapple/tvos< 13.4.8
CVEListV5apple/macosunspecified10.15+3
NVDapple/icloud< 7.20
NVDapple/ipados< 13.6
NVDapple/watchos< 6.2.8

🔴Vulnerability Details

2
GHSA
GHSA-qvcp-2pcx-m92g: A memory corruption issue was addressed with improved input validation2022-05-24
CVEList
CVE-2020-27933: A memory corruption issue was addressed with improved input validation2021-04-02

📋Vendor Advisories

4
Apple
CVE-2020-27933: tvOS 13.4.82020-07-15
Apple
CVE-2020-27933: watchOS 6.2.82020-07-15
Apple
CVE-2020-27933: iOS 13.6 and iPadOS 13.62020-07-15
Apple
CVE-2020-27933: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra2020-07-15
CVE-2020-27933 (HIGH CVSS 7.8) | A memory corruption issue was addre | cvebase.io