ID

VAR-202109-0819


CVE

CVE-2021-30798


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

APPLE-SA-2021-07-21-5 watchOS 7.6

watchOS 7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212605.

ActionKit
Available for: Apple Watch Series 3 and later
Impact: A shortcut may be able to bypass Internet permission requirements
Description: An input validation issue was addressed with improved input validation.
CVE-2021-30763: Zachary Keffaber (@QuickUpdate5)

Audio
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Playing a malicious audio file may lead to an unexpected application termination
Description: A logic issue was addressed with improved validation.
CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreText
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

Crash Reporter
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30780: Tim Michaud (@TimGMichaud) of Zoom Video Communications

dyld
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved validation.
CVE-2021-30768: Linus Henze (pinauten.de)

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

Identity Service
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with improved checks.
CVE-2021-30773: Linus Henze (pinauten.de)

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30779: Jzhu, Ye Zhang (@co0py_Cat) of Baidu Security

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state management.
CVE-2021-30769: Linus Henze (pinauten.de)

Kernel
Available for: Apple Watch Series 3 and later
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A logic issue was addressed with improved validation.
CVE-2021-30770: Linus Henze (pinauten.de)

libxml2
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-30758: Christoph Guttandin of Media Codings

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: This issue was addressed with improved checks.
CVE-2021-30797: Ivan Fratric of Google Project Zero

Additional recognition

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

Safari
We would like to acknowledge an anonymous researcher for their assistance.

Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.71

sources: NVD: CVE-2021-30798 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390531 // VULMON: CVE-2021-30798 // PACKETSTORM: 163650

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 14.7

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 7.6

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.5

Trust: 1.0

sources: NVD: CVE-2021-30798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30798
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1635
value: HIGH

Trust: 0.6

VULHUB: VHN-390531
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30798
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-390531
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30798
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390531 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1635 // NVD: CVE-2021-30798

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-30798

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1635

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Apple macOS Big Sur Repair measures for the competition condition problem loophole, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157241

Trust: 0.6

sources: CNNVD: CNNVD-202107-1635

EXTERNAL IDS

db: NVD, id: CVE-2021-30798

Trust: 1.9

db: PACKETSTORM, id: 163650

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021072218

Trust: 0.6

db: AUSCERT, id: ESB-2021.2485.2

Trust: 0.6

db: CNNVD, id: CNNVD-202107-1635

Trust: 0.6

db: VULHUB, id: VHN-390531

Trust: 0.1

db: VULMON, id: CVE-2021-30798

Trust: 0.1

sources: VULHUB: VHN-390531 // VULMON: CVE-2021-30798 // PACKETSTORM: 163650 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1635 // NVD: CVE-2021-30798

REFERENCES

url:https://support.apple.com/en-us/ht212602

Trust: 2.3

url:https://support.apple.com/en-us/ht212601

Trust: 1.7

url:https://support.apple.com/en-us/ht212605

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072218

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35970

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2485.2

Trust: 0.6

url:https://packetstormsecurity.com/files/163650/apple-security-advisory-2021-07-21-5.html

Trust: 0.6

url:http://seclists.org/fulldisclosure/2021/jul/58

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3518

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30789

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30760

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30770

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30785

Trust: 0.1

url:https://support.apple.com/ht212605.

Trust: 0.1

sources: VULHUB: VHN-390531 // VULMON: CVE-2021-30798 // PACKETSTORM: 163650 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1635 // NVD: CVE-2021-30798

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 163650

SOURCES

db: VULHUB, id: VHN-390531
db: VULMON, id: CVE-2021-30798
db: PACKETSTORM, id: 163650
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1635
db: NVD, id: CVE-2021-30798

LAST UPDATE DATE

2024-08-14T12:12:11.167000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390531, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1635, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-30798, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390531, date: 2021-09-08T00:00:00
db: PACKETSTORM, id: 163650, date: 2021-07-23T15:32:01
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1635, date: 2021-07-21T00:00:00
db: NVD, id: CVE-2021-30798, date: 2021-09-08T14:15:11.750