ID

VAR-202109-1422


CVE

CVE-2021-30764


TITLE

(0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-893

DESCRIPTION

Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a WEBP file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-30764 // ZDI: ZDI-21-893 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390497 // VULMON: CVE-2021-30764

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:14.5

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.4

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.5

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.5

Trust: 1.0

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-893 // NVD: CVE-2021-30764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30764
value: HIGH

Trust: 1.0

ZDI: CVE-2021-30764
value: LOW

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1711
value: HIGH

Trust: 0.6

VULHUB: VHN-390497
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30764
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-390497
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30764
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-30764
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-893 // VULHUB: VHN-390497 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1711 // NVD: CVE-2021-30764

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-30764

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1711

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157432

Trust: 0.6

sources: CNNVD: CNNVD-202107-1711

EXTERNAL IDS

db:NVDid:CVE-2021-30764

Trust: 2.5

db:ZDIid:ZDI-21-893

Trust: 1.4

db:ZDI_CANid:ZDI-CAN-12843

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021072243

Trust: 0.6

db:CNNVDid:CNNVD-202107-1711

Trust: 0.6

db:VULHUBid:VHN-390497

Trust: 0.1

db:VULMONid:CVE-2021-30764

Trust: 0.1

sources: ZDI: ZDI-21-893 // VULHUB: VHN-390497 // VULMON: CVE-2021-30764 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1711 // NVD: CVE-2021-30764

REFERENCES

url:https://support.apple.com/en-us/ht212317

Trust: 1.7

url:https://support.apple.com/en-us/ht212323

Trust: 1.7

url:https://support.apple.com/en-us/ht212324

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-21-893/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30764

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072243

Trust: 0.6

sources: VULHUB: VHN-390497 // VULMON: CVE-2021-30764 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1711 // NVD: CVE-2021-30764

CREDITS

Anonymous

Trust: 1.3

sources: ZDI: ZDI-21-893 // CNNVD: CNNVD-202107-1711

SOURCES

db:ZDIid:ZDI-21-893
db:VULHUBid:VHN-390497
db:VULMONid:CVE-2021-30764
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-1711
db:NVDid:CVE-2021-30764

LAST UPDATE DATE

2024-08-14T13:03:43.708000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-893date:2021-07-22T00:00:00
db:VULHUBid:VHN-390497date:2021-09-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-1711date:2021-09-16T00:00:00
db:NVDid:CVE-2021-30764date:2021-09-14T19:38:39.237

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-893date:2021-07-22T00:00:00
db:VULHUBid:VHN-390497date:2021-09-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-1711date:2021-07-22T00:00:00
db:NVDid:CVE-2021-30764date:2021-09-08T14:15:10.380