Apple watchOS FontParser buffer overflow


A vulnerability classified as critical has been found in Apple watchOS (Smartwatch Operating System) (affected version not known). The issue affects some unknown functionality of the component FontParser. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 04/03/2021 11:14 AM | 04/08/2021 04:40 PM |
|---|---|---|
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| date | 1607900400 (12/14/2020) | 1607900400 (12/14/2020) |
| location | Website | Website |
| type | Advisory | Advisory |
| person_name | Yiğit Can Yilmaz | Yiğit Can Yilmaz |
| disputed | 0 | 0 |
| name | Upgrade | Upgrade |
| date | 1607900400 (12/14/2020) | 1607900400 (12/14/2020) |
| cve | CVE-2020-9962 | CVE-2020-9962 |
| cve_assigned | 1583103600 | 1583103600 |
| vendor | Apple | Apple |
| name | watchOS | watchOS |
| component | FontParser | FontParser |
| cwe | 120 (memory corruption) | 120 (memory corruption) |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |

Fields with a single recorded value:

| Field | Value |
|---|---|
| cve_nvd_summary | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. |
| type | Smartwatch Operating System |
| cvss2_vuldb_basescore | 7.5 |
| cvss2_vuldb_tempscore | 6.5 |
| cvss3_vuldb_basescore | 6.3 |
| cvss3_vuldb_tempscore | 6.0 |
| cvss3_meta_basescore | 6.3 |
| cvss3_meta_tempscore | 6.0 |
| price_0day | $5k-$25k |
