Apple watchOS FontParser buffer overflow

A vulnerability, which was classified as critical, has been found in Apple watchOS (Smartwatch Operating System) (affected version not known). Affected by this issue is some unknown functionality of the component FontParser. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	04/03/2021 11:14 AM	04/08/2021 04:40 PM
cvss3_vuldb_a	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	C	C
date	1607900400 (12/14/2020)	1607900400 (12/14/2020)
location	Website	Website
type	Advisory	Advisory
person_name	Yiğit Can Yilmaz	Yiğit Can Yilmaz
disputed	0	0
name	Upgrade	Upgrade
date	1607900400 (12/14/2020)	1607900400 (12/14/2020)
cve	CVE-2020-9962	CVE-2020-9962
cve_assigned	1583103600	1583103600
vendor	Apple	Apple
name	watchOS	watchOS
component	FontParser	FontParser
cwe	120 (memory corruption)	120 (memory corruption)
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cve_nvd_summary		A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.
type		Smartwatch Operating System
cvss2_vuldb_basescore		7.5
cvss2_vuldb_tempscore		6.5
cvss3_vuldb_basescore		6.3
cvss3_vuldb_tempscore		6.0
cvss3_meta_basescore		6.3
cvss3_meta_tempscore		6.0
price_0day		$5k-$25k

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!