An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "14.8"
}
],
"vendor_product": "apple:ipados",
"cpes": [
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "12.5.5"
},
{
"introduced": "13.0"
},
{
"fixed": "14.8"
}
],
"vendor_product": "apple:iphone_os",
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "10.15"
},
{
"fixed": "10.15.7"
}
],
"vendor_product": "apple:mac_os_x",
"cpes": [
"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "11.6"
}
],
"vendor_product": "apple:macos",
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_RANGE",
"vendor_product": "apple:watchos",
"extracted_events": [
{
"fixed": "7.6.2"
}
],
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_RANGE",
"vendor_product": "xpdfreader:xpdf",
"extracted_events": [
{
"fixed": "4.04"
}
],
"cpes": [
"cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "10.15.7-NA"
},
{
"last_affected": "10.15.7-NA"
},
{
"introduced": "10.15.7-security_update_2020"
},
{
"last_affected": "10.15.7-security_update_2020"
},
{
"introduced": "10.15.7-security_update_2020\\-001"
},
{
"last_affected": "10.15.7-security_update_2020\\-001"
},
{
"introduced": "10.15.7-security_update_2021\\-001"
},
{
"last_affected": "10.15.7-security_update_2021\\-001"
},
{
"introduced": "10.15.7-security_update_2021\\-002"
},
{
"last_affected": "10.15.7-security_update_2021\\-002"
},
{
"introduced": "10.15.7-security_update_2021\\-003"
},
{
"last_affected": "10.15.7-security_update_2021\\-003"
},
{
"introduced": "10.15.7-security_update_2021\\-004"
},
{
"last_affected": "10.15.7-security_update_2021\\-004"
}
],
"vendor_product": "apple:mac_os_x",
"cpes": [
"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "22.09.0"
}
]
}