CVE-2021-30928

CWE-787Out-of-bounds Write9 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 38.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple MacosApple TvosApple Watchos+3 more
Timeline
PublishedAug 24
Latest updateNov 10

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDapple/ipados< 14.8
CVEListV5apple/tvosunspecified15
NVDapple/tvos< 15.0
CVEListV5apple/macosunspecified11.6+2
NVDapple/macos11.011.6

🔴Vulnerability Details

1
CVEList
CVE-2021-30928: A memory corruption issue was addressed with improved input validation2021-08-24

📋Vendor Advisories

7
Apple
CVE-2021-30928: iCloud for Windows 132021-11-10
Apple
CVE-2021-30928: tvOS 152021-09-20
Apple
CVE-2021-30928: iTunes 12.12 for Windows2021-09-20
Apple
CVE-2021-30928: watchOS 82021-09-20
Apple
CVE-2021-30928: iOS 15 and iPadOS 152021-09-20
CVE-2021-30928 (HIGH CVSS 7.8) | A memory corruption issue was addre | cvebase.io