What is CVE-2020-9878?

CVE-2020-9878 is a buffer overflow issue in Model I/O that has been addressed with improved memory handling.

Who is affected by CVE-2020-9878?

Users of Apple macOS Catalina (up to version 10.15.6), Apple Mojave, Apple High Sierra, Apple iOS (up to version 13.6), Apple iPadOS (up to version 13.6), Apple watchOS (up to version 6.2.8), and Apple tvOS (up to version 13.4.8) are affected by CVE-2020-9878.

What is the severity of CVE-2020-9878?

The severity of CVE-2020-9878 is not specified in the provided information.

How can I fix CVE-2020-9878?

To fix CVE-2020-9878, update your software to the available remedies provided by Apple for the affected products and versions.

Where can I find more information about CVE-2020-9878?

You can find more information about CVE-2020-9878 on the following references: [link 1](https://support.apple.com/en-us/HT211289), [link 2](https://support.apple.com/en-us/HT211288), [link 3](https://support.apple.com/en-us/HT211291).

Vulnerability/
CVE-2020-9878

high

7.8

CWE

119 120

15/7/2020

16/10/2020

4/8/2024

CVE-2020-9878: Buffer Overflow

First published: Wed Jul 15 2020(Updated: )

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Credit: Holger Fuhrmannek Deutsche Telekom SecurityAleksandar Nikolic Cisco Talos product-security@apple.com

Affected Software	Affected Version	How to fix
tvOS	<13.4.8	13.4.8
macOS Catalina	<10.15.6	10.15.6
macOS Mojave
macOS High Sierra
Apple iOS, iPadOS, and watchOS	<6.2.8	6.2.8
Apple iOS and iPadOS	<13.6	13.6
Apple iOS, iPadOS, and macOS	<13.6	13.6
Apple iOS, iPadOS, and macOS	<13.6
iPhone OS	<13.6
Apple iOS and macOS	<10.15.6
tvOS	<13.4.8
Apple iOS, iPadOS, and watchOS	<6.2.8

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT211288 (Advisory)
https://support.apple.com/en-us/HT211289 (Advisory)
https://support.apple.com/en-us/HT211290 (Advisory)
https://support.apple.com/en-us/HT211291 (Advisory)
https://support.apple.com/HT211288
https://support.apple.com/HT211289
https://support.apple.com/HT211291

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2020-9884
CVE-2020-9889
CVE-2020-9888
CVE-2020-9890
CVE-2020-9891
CVE-2020-9907
CVE-2020-9883
CVE-2020-9865
CVE-2020-9900
CVE-2020-9980
CVE-2020-9933
CVE-2020-9914
CVE-2020-27933
CVE-2020-11758
CVE-2020-11759
CVE-2020-11760
CVE-2020-11761
CVE-2020-11762
CVE-2020-11763
CVE-2020-11764
CVE-2020-11765
CVE-2020-9871
CVE-2020-9872
CVE-2020-9874
CVE-2020-9879
CVE-2020-9936
CVE-2020-9937
CVE-2020-9919
CVE-2020-9876
CVE-2020-9873
CVE-2020-9938
CVE-2020-9984
CVE-2020-9877
CVE-2020-9875
CVE-2019-14899
CVE-2020-9909
CVE-2020-9904
CVE-2020-9863
CVE-2020-9892
CVE-2020-9902
CVE-2020-9905
CVE-2020-9926
CVE-2020-9880
CVE-2020-9878
CVE-2020-9940
CVE-2020-9868
CVE-2020-9901
CVE-2020-9894
CVE-2020-9915
CVE-2020-9925
CVE-2020-9893
CVE-2020-9895
CVE-2020-9910
CVE-2020-9916
CVE-2020-9862
CVE-2020-6514
CVE-2020-9918
CVE-2020-9927
CVE-2020-9928
CVE-2020-9929
CVE-2020-9870
CVE-2020-9866
CVE-2020-9869
CVE-2020-9949
CVE-2020-9934
CVE-2020-9799
CVE-2020-9913
CVE-2020-9887
CVE-2020-9908
CVE-2020-9990
CVE-2020-9921
CVE-2020-9924
CVE-2020-9997
CVE-2020-9994
CVE-2020-9935
CVE-2019-19906
CVE-2020-9920
CVE-2020-9922
CVE-2020-9885
CVE-2020-9881
CVE-2020-9882
CVE-2020-9985
CVE-2020-12243
CVE-2020-10878
CVE-2020-12723
CVE-2014-9512
CVE-2020-9930
CVE-2020-9939
CVE-2020-9864
CVE-2020-9854
CVE-2019-20807
CVE-2020-9898
CVE-2020-9899
CVE-2020-9906
CVE-2020-9923
CVE-2020-9931
CVE-2020-9903
CVE-2020-9911
CVE-2020-9917

Frequently Asked Questions

What is CVE-2020-9878?
CVE-2020-9878 is a buffer overflow issue in Model I/O that has been addressed with improved memory handling.
Who is affected by CVE-2020-9878?
Users of Apple macOS Catalina (up to version 10.15.6), Apple Mojave, Apple High Sierra, Apple iOS (up to version 13.6), Apple iPadOS (up to version 13.6), Apple watchOS (up to version 6.2.8), and Apple tvOS (up to version 13.4.8) are affected by CVE-2020-9878.
What is the severity of CVE-2020-9878?
The severity of CVE-2020-9878 is not specified in the provided information.
How can I fix CVE-2020-9878?
To fix CVE-2020-9878, update your software to the available remedies provided by Apple for the affected products and versions.
Where can I find more information about CVE-2020-9878?
You can find more information about CVE-2020-9878 on the following references: [link 1](https://support.apple.com/en-us/HT211289), [link 2](https://support.apple.com/en-us/HT211288), [link 3](https://support.apple.com/en-us/HT211291).

agent/type
agent/first-publish-date
agent/weakness
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/apple-support
alias/CVE-2020-9940
agent/software-canonical-lookup-request
agent/author
alias/CVE-2020-9881
alias/CVE-2020-9882
alias/CVE-2020-9985
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/apple
canonical/tvos
canonical/macos catalina
canonical/macos mojave
canonical/macos high sierra
canonical/apple ios, ipados, and watchos
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos
canonical/iphone os
canonical/apple ios and macos