CVE-2021-31013 — Out-of-bounds Read in Apple Macos

CWE-125 — Out-of-bounds Read5 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Ipados Apple Iphone OS +4 more

Timeline

PublishedAug 24

Latest updateDec 13

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶Appleapple/macos_monterey12.1

▶CVEListV5apple/macosunspecified — 12.1+2

▶NVDapple/macos11.0 — 11.6.2+1

▶Appleapple/macos_big_sur11.6.2

▶NVDapple/ipados< 15.2

📋Vendor Advisories

Apple

CVE-2021-31013: macOS Big Sur 11.6.2↗2021-12-13

▶

Apple

CVE-2021-31013: macOS Monterey 12.1↗2021-12-13

▶

Apple

CVE-2021-31013: watchOS 8.3↗2021-12-13

▶

Apple

CVE-2021-31013: tvOS 15.2↗2021-12-13

▶