Apple tvOS FontParser buffer overflow

A vulnerability, which was classified as critical, was found in Apple tvOS (Digital Media Player) (the affected version unknown). This affects an unknown part of the component FontParser. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	04/03/2021 11:14 AM	04/08/2021 04:45 PM
vendor	Apple	Apple
name	tvOS	tvOS
component	FontParser	FontParser
cwe	120 (memory corruption)	120 (memory corruption)
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	C	C
date	1607900400 (12/14/2020)	1607900400 (12/14/2020)
location	Website	Website
type	Advisory	Advisory
person_name	Yiğit Can Yilmaz	Yiğit Can Yilmaz
disputed	0	0
name	Upgrade	Upgrade
date	1607900400 (12/14/2020)	1607900400 (12/14/2020)
cve	CVE-2020-9962	CVE-2020-9962
cve_assigned	1583103600	1583103600
cve_nvd_summary		A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.
type		Digital Media Player
cvss2_vuldb_basescore		7.5
cvss2_vuldb_tempscore		6.5
cvss3_vuldb_basescore		6.3
cvss3_vuldb_tempscore		6.0
cvss3_meta_basescore		6.3
cvss3_meta_tempscore		6.0
price_0day		$5k-$25k

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!