ID

VAR-202109-1312


CVE

CVE-2021-30662


TITLE

iOS and iPadOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013604

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. An unspecified vulnerability exists in iOS and iPadOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageIO framework. Crafted data in a TIFF image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.97

sources: NVD: CVE-2021-30662 // JVNDB: JVNDB-2021-013604 // ZDI: ZDI-21-891 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390395 // VULMON: CVE-2021-30662

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 14.5

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 14.5

Trust: 1.0

vendor: アップル, model: ipados, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

vendor: apple, model: macos, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-891 // JVNDB: JVNDB-2021-013604 // NVD: CVE-2021-30662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30662
value: HIGH

Trust: 1.0

NVD: CVE-2021-30662
value: HIGH

Trust: 0.8

ZDI: CVE-2021-30662
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1729
value: HIGH

Trust: 0.6

VULHUB: VHN-390395
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30662
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390395
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30662
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30662
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-30662
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-891 // VULHUB: VHN-390395 // JVNDB: JVNDB-2021-013604 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1729 // NVD: CVE-2021-30662

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013604 // NVD: CVE-2021-30662

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1729

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: HT212317 Apple Security update, url: https://support.apple.com/en-us/HT212317

Trust: 0.8

title: Apple macOS Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157445

Trust: 0.6

sources: JVNDB: JVNDB-2021-013604 // CNNVD: CNNVD-202107-1729

EXTERNAL IDS

db: NVD, id: CVE-2021-30662

Trust: 4.1

db: ZDI, id: ZDI-21-891

Trust: 1.4

db: JVNDB, id: JVNDB-2021-013604

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-12811

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021072245

Trust: 0.6

db: CNNVD, id: CNNVD-202107-1729

Trust: 0.6

db: VULHUB, id: VHN-390395

Trust: 0.1

db: VULMON, id: CVE-2021-30662

Trust: 0.1

sources: ZDI: ZDI-21-891 // VULHUB: VHN-390395 // VULMON: CVE-2021-30662 // JVNDB: JVNDB-2021-013604 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1729 // NVD: CVE-2021-30662

REFERENCES

url:https://support.apple.com/en-us/ht212317

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30662

Trust: 1.4

url:https://www.zerodayinitiative.com/advisories/zdi-21-891/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072245

Trust: 0.6

sources: VULHUB: VHN-390395 // VULMON: CVE-2021-30662 // JVNDB: JVNDB-2021-013604 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1729 // NVD: CVE-2021-30662

CREDITS

Anonymous

Trust: 1.3

sources: ZDI: ZDI-21-891 // CNNVD: CNNVD-202107-1729

SOURCES

db: ZDI, id: ZDI-21-891
db: VULHUB, id: VHN-390395
db: VULMON, id: CVE-2021-30662
db: JVNDB, id: JVNDB-2021-013604
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1729
db: NVD, id: CVE-2021-30662

LAST UPDATE DATE

2024-08-14T13:18:46.012000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-891, date: 2021-07-22T00:00:00
db: VULHUB, id: VHN-390395, date: 2021-09-20T00:00:00
db: JVNDB, id: JVNDB-2021-013604, date: 2022-09-16T08:05:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1729, date: 2021-09-18T00:00:00
db: NVD, id: CVE-2021-30662, date: 2021-09-20T12:26:52.893

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-891, date: 2021-07-22T00:00:00
db: VULHUB, id: VHN-390395, date: 2021-09-08T00:00:00
db: JVNDB, id: JVNDB-2021-013604, date: 2022-09-16T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1729, date: 2021-07-22T00:00:00
db: NVD, id: CVE-2021-30662, date: 2021-09-08T15:15:13.370