CVE-2020-27923: Input Validation
First published: Thu Nov 05 2020(Updated: )
ImageIO. An out-of-bounds write was addressed with improved input validation.
Credit: Xingwei Lin Ant Security LightLei Sun Xingwei Lin Ant Security LightLei Sun Xingwei Lin Ant Security LightLei Sun Xingwei Lin Ant Security LightLei Sun Xingwei Lin Lei Sun product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <7.1 | 7.1 |
| Apple tvOS | <14.2 | 14.2 |
| Apple iOS | <14.2 | 14.2 |
| Apple iPadOS | <14.2 | 14.2 |
| Apple macOS Big Sur | <11.1 | 11.1 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple Mac OS X | <11.1.0 | |
| Apple iPadOS | <14.2 | |
| Apple iPhone OS | <14.2 | |
| Apple Mac OS X | <11.0.1 | |
| Apple tvOS | <14.2 | |
| Apple watchOS | <7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211928 (Advisory)
- https://support.apple.com/en-us/HT211929 (Advisory)
- https://support.apple.com/en-us/HT211930 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT212011 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27936
- CVE-2020-27903
- CVE-2020-27941
- CVE-2020-29621
- CVE-2020-29610
- CVE-2020-27910
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27916
- CVE-2020-27906
- CVE-2020-27948
- CVE-2020-27908
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-27922
- CVE-2020-10001
- CVE-2020-27946
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27943
- CVE-2020-27944
- CVE-2020-29624
- CVE-2020-29608
- CVE-2020-10002
- CVE-2020-27947
- CVE-2020-29612
- CVE-2020-9978
- CVE-2020-27939
- CVE-2020-29625
- CVE-2020-29615
- CVE-2020-29616
- CVE-2020-27924
- CVE-2020-29618
- CVE-2020-29611
- CVE-2020-29617
- CVE-2020-29619
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-27919
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27949
- CVE-2020-29620
- CVE-2020-27911
- CVE-2020-27920
- CVE-2020-27926
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-29633
- CVE-2020-29614
- CVE-2020-13520
- CVE-2020-9972
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-27901
- CVE-2020-27938
- CVE-2020-10007
- CVE-2020-10012
- CVE-2020-27896
- CVE-2020-10009
- CVE-2020-29623
- CVE-2020-15969
- CVE-2020-27898
- CVE-2020-27945
- CVE-2020-27909
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-9999
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-9955
- CVE-2020-9876
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-9971
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-9996
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-9963
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-27905
- CVE-2020-27925
- CVE-2020-27902
Frequently Asked Questions
What is CVE-2020-27923?
CVE-2020-27923 is a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image file.
What software versions are affected by CVE-2020-27923?
CVE-2020-27923 affects Apple iOS versions up to 14.2, Apple iPadOS versions up to 14.2, Apple tvOS versions up to 14.2, Apple macOS Big Sur versions up to 11.0.1, and Apple watchOS versions up to 7.1.
How can I fix CVE-2020-27923?
To fix CVE-2020-27923, update your Apple devices to the latest available software version.
Are there any references for CVE-2020-27923?
Yes, you can find more information about CVE-2020-27923 and its mitigations on the official Apple support website: [reference 1](https://support.apple.com/en-us/HT211929), [reference 2](https://support.apple.com/en-us/HT211930), [reference 3](https://support.apple.com/en-us/HT212011).
What is the Common Weakness Enumeration (CWE) ID of CVE-2020-27923?
CVE-2020-27923 is associated with CWE-20, which is the weakness category for improper input validation.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/apple-support
- alias/CVE-2020-27923
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/event
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple watchos
- canonical/apple mac os x
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple ios