Apple watchOS ImageIO out-of-bounds read

A vulnerability was found in Apple watchOS (Smartwatch Operating System) (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the component ImageIO. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	04/03/2021 11:26 AM	04/08/2021 05:44 PM
vendor	Apple	Apple
name	watchOS	watchOS
component	ImageIO	ImageIO
cwe	125 (information disclosure)	125 (information disclosure)
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	C	C
date	1612134000 (02/01/2021)	1612134000 (02/01/2021)
location	Website	Website
type	Advisory	Advisory
person_name	Xingwei Lin	Xingwei Lin
disputed	0	0
name	Upgrade	Upgrade
date	1612134000 (02/01/2021)	1612134000 (02/01/2021)
cve	CVE-2021-1741	CVE-2021-1741
cve_assigned	1607382000	1607382000
cve_nvd_summary		An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
type		Smartwatch Operating System
cvss2_vuldb_basescore		7.5
cvss2_vuldb_tempscore		6.5
cvss3_vuldb_basescore		6.3
cvss3_vuldb_tempscore		6.0
cvss3_meta_basescore		6.3
cvss3_meta_tempscore		6.0
price_0day		$0-$5k

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!