CVE-2021-30860
published 2021-08-24
High 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2021-11-17
ITW: Exploited in the wild
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios_14.8_and_ipados | — | — |
| apple | ipados | < 14.8 | 14.8 |
| apple | iphone_os | < 12.5.5 | 12.5.5 |
| apple | iphone_os | >= 13.0 < 14.8 | 14.8 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | < 11.6 | 11.6 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-005_catalina | — | — |
| apple | watchos | < 7.6.2 | 7.6.2 |
| apple | watchos | — | — |
| freedesktop | poppler | < 22.09.0 | 22.09.0 |
| xpdfreader | xpdf | < 4.04 | 4.04 |
| xpdfreader | xpdf | — | — |
CVSS provenance
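| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |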