Apple tvOS ImageIO out-of-bounds read


A vulnerability was found in Apple tvOS (Digital Media Player) (unknown version). It has been rated as critical. This issue affects an unknown part of the component ImageIO. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 04/03/2021 11:26 AM | 04/08/2021 05:48 PM |
|---|---|---|
| name | Upgrade | Upgrade |
| date | 1612134000 (02/01/2021) | 1612134000 (02/01/2021) |
| cve | CVE-2021-1741 | CVE-2021-1741 |
| cve_assigned | 1607382000 | 1607382000 |
| vendor | Apple | Apple |
| name | tvOS | tvOS |
| component | ImageIO | ImageIO |
| cwe | 125 (information disclosure) | 125 (information disclosure) |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| date | 1612134000 (02/01/2021) | 1612134000 (02/01/2021) |
| location | Website | Website |
| type | Advisory | Advisory |
| person_name | Xingwei Lin | Xingwei Lin |
| disputed | 0 | 0 |

| Field | Value |
|---|---|
| cve_nvd_summary | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
| type | Digital Media Player |
| cvss2_vuldb_basescore | 7.5 |
| cvss2_vuldb_tempscore | 6.5 |
| cvss3_vuldb_basescore | 6.3 |
| cvss3_vuldb_tempscore | 6.0 |
| cvss3_meta_basescore | 6.3 |
| cvss3_meta_tempscore | 6.0 |
| price_0day | $0-$5k |
