Apple tvOS Image out-of-bounds write


A vulnerability, which was classified as critical, was found in Apple tvOS (Digital Media Player) (version unknown). Affected is an unknown functionality of the component Image Handler. Upgrading eliminates this vulnerability.

| Field | 04/03/2021 11:08 AM | 04/08/2021 04:07 PM |
|---|---|---|
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 5.2 | 4.5 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.3 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.3 |
| price_0day | $5k-$25k | $5k-$25k |
| vendor | Apple | Apple |
| name | tvOS | tvOS |
| component | Image Handler | Image Handler |
| cwe | 787 (memory corruption) | 787 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| name | Upgrade | Upgrade |
| cve | CVE-2020-9955 | CVE-2020-9955 |
| date | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) |
| type | Digital Media Player | Digital Media Player |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |

cve_assigned: 1583103600

cve_nvd_summary: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.
