CVE-2021-30860
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
24/08/2021
Last modified:
27/10/2025
Description
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 14.8 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 12.5.5 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 13.0 (including) | 14.8 (excluding) |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.15 (including) | 10.15.7 (excluding) |
| cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 11.6 (excluding) | |
| cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* | 7.6.2 (excluding) | |
| cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:* | 4.04 (excluding) | |
| cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* | 22.09.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2021/Sep/25
- http://seclists.org/fulldisclosure/2021/Sep/26
- http://seclists.org/fulldisclosure/2021/Sep/27
- http://seclists.org/fulldisclosure/2021/Sep/28
- http://seclists.org/fulldisclosure/2021/Sep/38
- http://seclists.org/fulldisclosure/2021/Sep/39
- http://seclists.org/fulldisclosure/2021/Sep/40
- http://seclists.org/fulldisclosure/2021/Sep/50
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://security.gentoo.org/glsa/202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
- http://seclists.org/fulldisclosure/2021/Sep/25
- http://seclists.org/fulldisclosure/2021/Sep/26
- http://seclists.org/fulldisclosure/2021/Sep/27
- http://seclists.org/fulldisclosure/2021/Sep/28
- http://seclists.org/fulldisclosure/2021/Sep/38
- http://seclists.org/fulldisclosure/2021/Sep/39
- http://seclists.org/fulldisclosure/2021/Sep/40
- http://seclists.org/fulldisclosure/2021/Sep/50
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://security.gentoo.org/glsa/202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860