CVE-2021-30926 — Out-of-bounds Write in Apple IOS AND Ipados

CWE-787 — Out-of-bounds Write8 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +4 more

Timeline

PublishedAug 24

Latest updateDec 13

Description

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶NVDapple/tvos< 15.2

▶CVEListV5apple/macosunspecified — 12.1+1

▶NVDapple/macos11.0 — 11.6.1+1

▶NVDapple/ipados< 14.8.1

▶CVEListV5apple/watchosunspecified — 8.3

🔴Vulnerability Details

CVEList

CVE-2021-30926: Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation↗2021-08-24

▶

📋Vendor Advisories

Apple

CVE-2021-30926: macOS Monterey 12.1↗2021-12-13

▶

Apple

CVE-2021-30926: watchOS 8.3↗2021-12-13

▶

Apple

CVE-2021-30926: tvOS 15.2↗2021-12-13

▶

Apple

CVE-2021-30926: iOS 14.8.1 and iPadOS 14.8.1↗2021-10-26

▶

Apple

CVE-2021-30926: macOS Big Sur 11.6.1↗2021-10-25

▶