CVE-2020-36521Out-of-bounds Read in Apple Icloud FOR Windows

CWE-125Out-of-bounds Read8 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 65.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Apple Icloud FOR WindowsApple IOS AND IpadosApple Itunes FOR Windows+7 more
Timeline
PublishedSep 23
Latest updateSep 25

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages11 packages

CVEListV5apple/icloud_for_windowsunspecified11.4+1
CVEListV5apple/itunes_for_windowsunspecified12.10
NVDapple/icloud11.011.4+1
NVDapple/tvos< 14.0
NVDapple/ipados< 14.0

🔴Vulnerability Details

2
GHSA
GHSA-f54m-mh6r-hqvj: An out-of-bounds read was addressed with improved input validation2022-09-25
CVEList
CVE-2020-36521: An out-of-bounds read was addressed with improved input validation2022-09-23

📋Vendor Advisories

5
Apple
CVE-2020-36521: iCloud for Windows 7.212020-09-24
Apple
CVE-2020-36521: iCloud for Windows 11.42020-09-24
Apple
CVE-2020-36521: watchOS 7.02020-09-16
Apple
CVE-2020-36521: iTunes 12.10.9 for Windows2020-09-16
Apple
CVE-2020-36521: tvOS 14.02020-09-16
CVE-2020-36521 — Out-of-bounds Read in Apple | cvebase