CVE-2020-27931: Input Validation
First published: Wed Sep 16 2020(Updated: )
FontParser. A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.
Credit: Apple Apple Apple Apple Apple Mateusz Jurczyk Google Project ZeroMateusz Jurczyk Google Project ZeroMateusz Jurczyk Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple tvOS | <14.0 | 14.0 |
| Apple watchOS | <7.0 | 7.0 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple Mac OS X | <11.1.0 | |
| Apple iPadOS | <14.0 | |
| Apple iPhone OS | <14.0 | |
| Apple Mac OS X | <11.0.1 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT212011 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27936
- CVE-2020-27903
- CVE-2020-27941
- CVE-2020-29621
- CVE-2020-29610
- CVE-2020-27910
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27916
- CVE-2020-27906
- CVE-2020-27948
- CVE-2020-27908
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-27922
- CVE-2020-10001
- CVE-2020-27946
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27943
- CVE-2020-27944
- CVE-2020-29624
- CVE-2020-29608
- CVE-2020-10002
- CVE-2020-27947
- CVE-2020-29612
- CVE-2020-9978
- CVE-2020-27939
- CVE-2020-29625
- CVE-2020-29615
- CVE-2020-29616
- CVE-2020-27924
- CVE-2020-29618
- CVE-2020-29611
- CVE-2020-29617
- CVE-2020-29619
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-27919
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27949
- CVE-2020-29620
- CVE-2020-27911
- CVE-2020-27920
- CVE-2020-27926
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-29633
- CVE-2020-29614
- CVE-2020-13520
- CVE-2020-9972
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-27901
- CVE-2020-27938
- CVE-2020-10007
- CVE-2020-10012
- CVE-2020-27896
- CVE-2020-10009
- CVE-2020-29623
- CVE-2020-15969
- CVE-2020-27898
- CVE-2020-27945
- CVE-2020-27909
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-9999
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-9955
- CVE-2020-9876
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-9971
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-9996
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-9963
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9954
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9968
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-6147
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-27931?
CVE-2020-27931 is a memory corruption issue in the FontParser component of Apple's software.
Which software versions are affected by CVE-2020-27931?
CVE-2020-27931 affects Apple tvOS up to version 14.0, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, Apple watchOS up to version 7.0, Apple macOS Big Sur up to version 11.0.1, Apple macOS Big Sur up to version 11.1, Apple Catalina, and Apple Mojave.
How can I fix the vulnerability in CVE-2020-27931?
To fix the vulnerability in CVE-2020-27931, you should update your affected Apple software to the latest version available.
Where can I find more information about CVE-2020-27931?
You can find more information about CVE-2020-27931 on the Apple support website.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-27931?
The CWE ID for CVE-2020-27931 is CWE-20, which stands for Improper Input Validation.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/apple-support
- alias/CVE-2020-27943
- alias/CVE-2020-27944
- alias/CVE-2020-29624
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple watchos
- canonical/apple mac os x
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple ios