CVE-2020-9972Classic Buffer Overflow in Apple IOS AND Ipados

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.8HIGHNVD
EPSS
2.3%
top 15.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple Ipad OSApple Iphone OS+2 more
Timeline
PublishedDec 8
Latest updateMay 24

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDapple/ipad_os< 14.3
CVEListV5apple/ios_and_ipadosunspecified14.0
NVDapple/tvos< 14.3
NVDapple/macos< 11.1
NVDapple/iphone_os< 14.3

🔴Vulnerability Details

2
GHSA
GHSA-6rcv-8mm2-fprm: A buffer overflow issue was addressed with improved memory handling2022-05-24
CVEList
CVE-2020-9972: A buffer overflow issue was addressed with improved memory handling2020-12-08
CVE-2020-9972 — Classic Buffer Overflow in Apple | cvebase