First published: Wed Jul 15 2020(Updated: )
ImageIO. An out-of-bounds read was addressed with improved input validation.
Credit: Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iCloud for Windows | <11.3 | 11.3 |
Apple iTunes for Windows | <12.10.8 | 12.10.8 |
Apple iCloud for Windows | <7.20 | 7.20 |
Apple macOS Catalina | <10.15.6 | 10.15.6 |
Apple Mojave | ||
Apple High Sierra | ||
Apple watchOS | <6.2.8 | 6.2.8 |
Apple tvOS | <13.4.8 | 13.4.8 |
Apple iOS | <13.6 | 13.6 |
Apple iPadOS | <13.6 | 13.6 |
Apple Icloud Windows | <7.20 | |
Apple Icloud Windows | >=11.0<11.3 | |
Apple Itunes Windows | <12.10.8 | |
Apple iPadOS | <13.6 | |
Apple iPhone OS | <13.6 | |
Apple Mac OS X | <10.15.6 | |
Apple tvOS | <13.4.8 | |
Apple watchOS | <6.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2020-9938 is a vulnerability in ImageIO that allows for an out-of-bounds read due to improved input validation.
macOS Catalina (up to version 10.15.6), Mojave, High Sierra, iOS (up to version 13.6), iPadOS (up to version 13.6), watchOS (up to version 6.2.8), iCloud for Windows (up to version 7.20), tvOS (up to version 13.4.8), and iTunes for Windows (up to version 12.10.8) are all affected by CVE-2020-9938.
The severity of CVE-2020-9938 is not specified.
Apply the relevant security patches provided by Apple for the affected software versions. More information can be found in the provided references.
You can find more information about CVE-2020-9938 in the provided references.