Sign-up

ID

VAR-202104-0159


CVE

CVE-2020-27952


TITLE

Apple macOS libFontParser TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-1404

DESCRIPTION

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF font can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A buffer error vulnerability exists in Apple macOS. The vulnerability stems from an unknown function of FontParser. Entering unknown operations will result in memory corruption. Apple macOS could allow a remote authenticated malicious user to gain elevated privileges on the system, caused by an out-of-bounds write in the parsing of TTF fonts

Trust: 1.71

sources: NVD: CVE-2020-27952 // ZDI: ZDI-20-1404 // VULHUB: VHN-372063 // VULMON: CVE-2020-27952

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.1.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1404 // NVD: CVE-2020-27952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27952
value: HIGH

Trust: 1.0

ZDI: CVE-2020-27952
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202012-1111
value: HIGH

Trust: 0.6

VULHUB: VHN-372063
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-27952
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27952
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372063
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27952
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-27952
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1404 // VULHUB: VHN-372063 // VULMON: CVE-2020-27952 // CNNVD: CNNVD-202012-1111 // NVD: CVE-2020-27952

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-372063 // NVD: CVE-2020-27952

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1111

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1111

PATCH

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137049

Trust: 0.6

title:Apple: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojaveurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=60a51a6d3f600c46241622f208f75bff

Trust: 0.1

sources: VULMON: CVE-2020-27952 // CNNVD: CNNVD-202012-1111

EXTERNAL IDS

db:NVDid:CVE-2020-27952

Trust: 2.5

db:ZDI_CANid:ZDI-CAN-11598

Trust: 0.7

db:ZDIid:ZDI-20-1404

Trust: 0.7

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:CNNVDid:CNNVD-202012-1111

Trust: 0.6

db:VULHUBid:VHN-372063

Trust: 0.1

db:VULMONid:CVE-2020-27952

Trust: 0.1

sources: ZDI: ZDI-20-1404 // VULHUB: VHN-372063 // VULMON: CVE-2020-27952 // CNNVD: CNNVD-202012-1111 // NVD: CVE-2020-27952

REFERENCES

url:https://support.apple.com/en-us/ht211931

Trust: 1.8

url:https://support.apple.com/en-us/ht212011

Trust: 1.8

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-27952

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/192823

Trust: 0.1

sources: VULHUB: VHN-372063 // VULMON: CVE-2020-27952 // CNNVD: CNNVD-202012-1111 // NVD: CVE-2020-27952

CREDITS

Mickey Jin & Junzhi Lu of Trend Micro Mobile Security Research Team

Trust: 0.7

sources: ZDI: ZDI-20-1404

SOURCES

db:ZDIid:ZDI-20-1404
db:VULHUBid:VHN-372063
db:VULMONid:CVE-2020-27952
db:CNNVDid:CNNVD-202012-1111
db:NVDid:CVE-2020-27952

LAST UPDATE DATE

2024-11-23T19:48:37.658000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1404date:2020-12-08T00:00:00
db:VULHUBid:VHN-372063date:2021-04-08T00:00:00
db:VULMONid:CVE-2020-27952date:2021-04-08T00:00:00
db:CNNVDid:CNNVD-202012-1111date:2021-08-16T00:00:00
db:NVDid:CVE-2020-27952date:2024-11-21T05:22:06.910

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1404date:2020-12-08T00:00:00
db:VULHUBid:VHN-372063date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-27952date:2021-04-02T00:00:00
db:CNNVDid:CNNVD-202012-1111date:2020-12-15T00:00:00
db:NVDid:CVE-2020-27952date:2021-04-02T18:15:17.043