← Voltar para CVEs

CVE-2020-27944

HIGH

7.8

Descricao

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado4/2/2021

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

apple:ipad_osapple:iphone_osapple:macosapple:tvosapple:watchos

Fraquezas (CWE)

CWE-787

Referencias

https://support.apple.com/en-us/HT212003(product-security@apple.com)

https://support.apple.com/en-us/HT212005(product-security@apple.com)

https://support.apple.com/en-us/HT212009(product-security@apple.com)

https://support.apple.com/en-us/HT212011(product-security@apple.com)

https://support.apple.com/en-us/HT212003(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212005(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212009(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212011(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.