CVE-2020-27930 - Vulnerability Details - OpenCVE

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os Mac Os X Macos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Dec/32
https://support.apple.com/en-us/HT211928
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211931
https://support.apple.com/en-us/HT211940
https://support.apple.com/en-us/HT211944
https://support.apple.com/en-us/HT211945
https://support.apple.com/en-us/HT211946
https://support.apple.com/en-us/HT211947

History

Wed, 29 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-12-08T20:17:32.000Z

Updated: 2025-01-29T17:35:12.422Z

Reserved: 2020-10-27T00:00:00.000Z

Link: CVE-2020-27930

Vulnrichment

Updated: 2024-08-04T16:25:44.098Z

NVD

Status : Analyzed

Published: 2020-12-08T21:15:13.827

Modified: 2025-03-13T19:59:40.070

Link: CVE-2020-27930

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "7.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "14.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "6.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "5.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "2020", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing a maliciously crafted font may lead to arbitrary code execution..", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-05T17:06:19.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211931"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211928"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211929"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211940"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211944"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211945"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211946"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211947"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-27930", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "7.1"}]}}, {"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.2"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.0"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.4"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6.2"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "2020"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.15"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing a maliciously crafted font may lead to arbitrary code execution.."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT211931", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931"}, {"name": "https://support.apple.com/en-us/HT211928", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211928"}, {"name": "https://support.apple.com/en-us/HT211929", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211929"}, {"name": "https://support.apple.com/en-us/HT211940", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211940"}, {"name": "https://support.apple.com/en-us/HT211944", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211944"}, {"name": "https://support.apple.com/en-us/HT211945", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211945"}, {"name": "https://support.apple.com/en-us/HT211946", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211946"}, {"name": "https://support.apple.com/en-us/HT211947", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211947"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"name": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:44.098Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211931"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211929"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211940"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211944"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211945"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211946"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211947"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T17:35:09.436681Z", "id": "CVE-2020-27930", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-27930"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:35:12.422Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-27930", "datePublished": "2020-12-08T20:17:32.000Z", "dateReserved": "2020-10-27T00:00:00.000Z", "dateUpdated": "2025-01-29T17:35:12.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT211931", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211928", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211929", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211940", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211944", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211945", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211946", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT211947", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/32", "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:44.098Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-27930", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:35:09.436681Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-27930"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:27:04.972Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11.0", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "6.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "5.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "2020", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.15", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT211931", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211928", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211929", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211940", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211944", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211945", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211946", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT211947", "tags": ["x_refsource_MISC"]}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/32", "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Processing a maliciously crafted font may lead to arbitrary code execution.."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2021-02-05T17:06:19.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.1", "version_affected": "<"}]}, "product_name": "watchOS"}, {"version": {"version_data": [{"version_value": "14.2", "version_affected": "<"}]}, "product_name": "iOS and iPadOS"}, {"version": {"version_data": [{"version_value": "11.0", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "12.4", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "6.2", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "5.3", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "2020", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "10.15", "version_affected": "<"}]}, "product_name": "macOS"}]}, "vendor_name": "Apple"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211928", "name": "https://support.apple.com/en-us/HT211928", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211929", "name": "https://support.apple.com/en-us/HT211929", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211940", "name": "https://support.apple.com/en-us/HT211940", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211944", "name": "https://support.apple.com/en-us/HT211944", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211945", "name": "https://support.apple.com/en-us/HT211945", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211946", "name": "https://support.apple.com/en-us/HT211946", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT211947", "name": "https://support.apple.com/en-us/HT211947", "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/32", "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing a maliciously crafted font may lead to arbitrary code execution.."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-27930", "STATE": "PUBLIC", "ASSIGNER": "product-security@apple.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-27930", "state": "PUBLISHED", "dateUpdated": "2025-01-29T17:35:12.422Z", "dateReserved": "2020-10-27T00:00:00.000Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2020-12-08T20:17:32.000Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC", "versionEndExcluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "778712BB-D27F-4B41-9B79-7C896B7B1E08", "versionEndExcluding": "12.4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DAFF28B-980D-4D09-BD3B-FC3F14B4BA49", "versionEndExcluding": "14.2", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF8C1CB5-DACB-449C-9E07-E477142C589F", "versionEndExcluding": "10.15.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "76BFC9D4-7D15-4C23-A54A-3F5A0B8BC542", "versionEndExcluding": "11.0.1", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9007C2C-CE11-4D30-9BE1-7FD4B2687B41", "versionEndExcluding": "5.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0199758F-1C5B-4462-8F81-A9805147FC7D", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3877CFE3-88D5-429F-87AA-69AA49A8C5DF", "versionEndExcluding": "7.1", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una comprobaci\u00f3n de entrada mejorada. Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.1, iOS versi\u00f3n 12.4.9, watchOS versi\u00f3n 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, watchOS versi\u00f3n 5.3.9, macOS Catalina versi\u00f3n 10.15.7 Supplemental Update, macOS Catalina versi\u00f3n 10.15.7 Update. El procesamiento de una fuente dise\u00f1ada maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2020-27930", "lastModified": "2025-03-13T19:59:40.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-12-08T21:15:13.827", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211928"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211929"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211931"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211940"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211944"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211945"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211946"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211946"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211947"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}