Sign-up

ID

VAR-202010-0209


CVE

CVE-2019-8582


TITLE

plural Apple Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015873

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. plural Apple The product has an out-of-bounds read vulnerability due to a flawed boundary check.Processing maliciously created fonts can expose process memory. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The CTFramesetterCreateWithAttributedString method in Apple macOS has a buffer error vulnerability, which is caused by the program's lack of validation of user-supplied data. Attackers can use malicious files or pages to exploit this vulnerability to disclose sensitive information

Trust: 2.52

sources: NVD: CVE-2019-8582 // JVNDB: JVNDB-2019-015873 // JVNDB: JVNDB-2019-004252 // VULHUB: VHN-160017 // VULMON: CVE-2019-8582

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.12

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.9.5 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:for windows 7.12 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:airmac base stationscope:ltversion:update 7.9.1 earlier

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.12 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9.5 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-015873 // JVNDB: JVNDB-2019-004252 // NVD: CVE-2019-8582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8582
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015873
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-1285
value: MEDIUM

Trust: 0.6

VULHUB: VHN-160017
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8582
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8582
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015873
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160017
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8582
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015873
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160017 // VULMON: CVE-2019-8582 // JVNDB: JVNDB-2019-015873 // CNNVD: CNNVD-201907-1285 // NVD: CVE-2019-8582

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-160017 // JVNDB: JVNDB-2019-015873 // NVD: CVE-2019-8582

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1285

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1285

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015873

PATCH
title:HT210124url:https://support.apple.com/en-us/HT210124
Trust: 1.6
title:HT210125url:https://support.apple.com/en-us/HT210125
Trust: 1.6
title:HT210118url:https://support.apple.com/en-us/HT210118
Trust: 0.8
title:HT210119url:https://support.apple.com/en-us/HT210119
Trust: 0.8
title:HT210120url:https://support.apple.com/en-us/HT210120
Trust: 0.8
title:HT210124url:https://support.apple.com/ja-jp/HT210124
Trust: 0.8
title:HT210125url:https://support.apple.com/ja-jp/HT210125
Trust: 0.8
title:HT210118url:https://support.apple.com/ja-jp/HT210118
Trust: 0.8
title:HT210119url:https://support.apple.com/ja-jp/HT210119
Trust: 0.8
title:HT210120url:https://support.apple.com/ja-jp/HT210120
Trust: 0.8
title:About the security content of AirPort Base Station Firmware Update 7.9.1url:https://support.apple.com/en-us/HT210090
Trust: 0.8
title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95439
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-015873 // 
            
            
            
            JVNDB: JVNDB-2019-004252 // 
            
            
            
            CNNVD: CNNVD-201907-1285

EXTERNAL IDS
db:NVDid:CVE-2019-8582
Trust: 2.6
db:JVNid:JVNVU98453159
Trust: 1.6
db:JVNid:JVNVU93988385
Trust: 0.8
db:JVNDBid:JVNDB-2019-015873
Trust: 0.8
db:JVNDBid:JVNDB-2019-004252
Trust: 0.8
db:CNNVDid:CNNVD-201907-1285
Trust: 0.7
db:ZDIid:ZDI-19-676
Trust: 0.6
db:VULHUBid:VHN-160017
Trust: 0.1
db:VULMONid:CVE-2019-8582
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160017 // 
            
            
            
            VULMON: CVE-2019-8582 // 
            
            
            
            JVNDB: JVNDB-2019-015873 // 
            
            
            
            JVNDB: JVNDB-2019-004252 // 
            
            
            
            CNNVD: CNNVD-201907-1285 // 
            
            
            
            NVD: CVE-2019-8582

REFERENCES
url:https://support.apple.com/en-us/ht210118
Trust: 1.8
url:https://support.apple.com/en-us/ht210119
Trust: 1.8
url:https://support.apple.com/en-us/ht210120
Trust: 1.8
url:https://support.apple.com/en-us/ht210124
Trust: 1.8
url:https://support.apple.com/en-us/ht210125
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8582
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8582
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93988385/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98453159/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98453159/
Trust: 0.8
url:https://www.zerodayinitiative.com/advisories/zdi-19-676/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160017 // 
            
            
            
            VULMON: CVE-2019-8582 // 
            
            
            
            JVNDB: JVNDB-2019-015873 // 
            
            
            
            JVNDB: JVNDB-2019-004252 // 
            
            
            
            CNNVD: CNNVD-201907-1285 // 
            
            
            
            NVD: CVE-2019-8582

CREDITS
riusksk of VulWar Corp
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-1285

SOURCES
db:VULHUBid:VHN-160017
db:VULMONid:CVE-2019-8582
db:JVNDBid:JVNDB-2019-015873
db:JVNDBid:JVNDB-2019-004252
db:CNNVDid:CNNVD-201907-1285
db:NVDid:CVE-2019-8582

LAST UPDATE DATE
2024-11-23T21:31:11.149000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160017date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8582date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015873date:2021-01-28T05:11:29
db:JVNDBid:JVNDB-2019-004252date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201907-1285date:2020-10-29T00:00:00
db:NVDid:CVE-2019-8582date:2024-11-21T04:50:06.763

SOURCES RELEASE DATE
db:VULHUBid:VHN-160017date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8582date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015873date:2021-01-28T05:11:29
db:JVNDBid:JVNDB-2019-004252date:2019-05-30T00:00:00
db:CNNVDid:CNNVD-201907-1285date:2019-07-24T00:00:00
db:NVDid:CVE-2019-8582date:2020-10-27T20:15:15.893