What is CVE-2020-9972?

CVE-2020-9972 is a buffer overflow issue in Model I/O that was addressed with improved memory handling.

Which software versions are affected by CVE-2020-9972?

CVE-2020-9972 affects Apple iOS up to version 14.3, Apple iPadOS up to version 14.3, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, Apple tvOS up to version 14.3, Apple macOS Big Sur up to version 11.1, Apple Catalina, and Apple Mojave.

How severe is CVE-2020-9972?

The severity of CVE-2020-9972 is not specified in the provided information.

How can I fix CVE-2020-9972?

To fix CVE-2020-9972, update to the latest available version of the affected software as mentioned in the provided references.

Where can I find more information about CVE-2020-9972?

You can find more information about CVE-2020-9972 on the Apple support website using the provided references.

Vulnerability/
CVE-2020-9972

high

7.8

CWE

119 120

16/9/2020

8/12/2020

4/8/2024

CVE-2020-9972: Buffer Overflow

First published: Wed Sep 16 2020(Updated: )

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Credit: Aleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco Talos product-security@apple.com

Affected Software	Affected Version	How to fix
Apple macOS Big Sur	<11.1	11.1
Apple Catalina
Apple Mojave
Apple tvOS	<14.3	14.3
Apple iOS	<14.0	14.0
Apple iPadOS	<14.0	14.0
Apple iOS	<14.3	14.3
Apple iPadOS	<14.3	14.3
Apple Ipad Os	<14.3
Apple iPhone OS	<14.3
Apple macOS	<11.1
Apple tvOS	<14.3

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT211850 (Advisory)
https://support.apple.com/en-us/HT212003 (Advisory)
https://support.apple.com/en-us/HT212005 (Advisory)
https://support.apple.com/en-us/HT212011 (Advisory)
https://support.apple.com/kb/HT212003
https://support.apple.com/kb/HT212005
https://support.apple.com/kb/HT212011

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2020-27914
CVE-2020-27915
CVE-2020-27936
CVE-2020-27903
CVE-2020-27941
CVE-2020-29621
CVE-2020-29610
CVE-2020-27910
CVE-2020-9943
CVE-2020-9944
CVE-2020-27916
CVE-2020-27906
CVE-2020-27948
CVE-2020-27908
CVE-2020-9960
CVE-2020-10017
CVE-2020-27922
CVE-2020-10001
CVE-2020-27946
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27943
CVE-2020-27944
CVE-2020-29624
CVE-2020-29608
CVE-2020-10002
CVE-2020-27947
CVE-2020-29612
CVE-2020-9978
CVE-2020-27939
CVE-2020-29625
CVE-2020-29615
CVE-2020-29616
CVE-2020-27924
CVE-2020-29618
CVE-2020-29611
CVE-2020-29617
CVE-2020-29619
CVE-2020-27912
CVE-2020-27923
CVE-2020-27919
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-9974
CVE-2020-10016
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27949
CVE-2020-29620
CVE-2020-27911
CVE-2020-27920
CVE-2020-27926
CVE-2020-10014
CVE-2020-10010
CVE-2020-29633
CVE-2020-29614
CVE-2020-13520
CVE-2020-9972
CVE-2020-13524
CVE-2020-10004
CVE-2020-27901
CVE-2020-27938
CVE-2020-10007
CVE-2020-10012
CVE-2020-27896
CVE-2020-10009
CVE-2020-29623
CVE-2020-15969
CVE-2020-27898
CVE-2021-31077
CVE-2020-9958
CVE-2020-9979
CVE-2020-9954
CVE-2020-9949
CVE-2020-9999
CVE-2020-9965
CVE-2020-9966
CVE-2020-29629
CVE-2020-29639
CVE-2020-9773
CVE-2020-9992
CVE-2020-36521
CVE-2020-9955
CVE-2020-9961
CVE-2020-9876
CVE-2020-9964
CVE-2019-14899
CVE-2020-9976
CVE-2020-9981
CVE-2020-9971
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-6147
CVE-2020-9973
CVE-2020-9996
CVE-2020-9946
CVE-2020-9963
CVE-2020-9977
CVE-2020-9993
CVE-2020-9969
CVE-2020-9968
CVE-2020-9959
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13630
CVE-2020-9947
CVE-2020-9950
CVE-2020-9951
CVE-2020-9983
CVE-2020-9952
CVE-2020-10013
CVE-2020-29613
CVE-2020-27951

Frequently Asked Questions

What is CVE-2020-9972?
CVE-2020-9972 is a buffer overflow issue in Model I/O that was addressed with improved memory handling.
Which software versions are affected by CVE-2020-9972?
CVE-2020-9972 affects Apple iOS up to version 14.3, Apple iPadOS up to version 14.3, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, Apple tvOS up to version 14.3, Apple macOS Big Sur up to version 11.1, Apple Catalina, and Apple Mojave.
How severe is CVE-2020-9972?
The severity of CVE-2020-9972 is not specified in the provided information.
How can I fix CVE-2020-9972?
To fix CVE-2020-9972, update to the latest available version of the affected software as mentioned in the provided references.
Where can I find more information about CVE-2020-9972?
You can find more information about CVE-2020-9972 on the Apple support website using the provided references.

agent/type
agent/last-modified-date
agent/first-publish-date
collector/apple-support
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/weakness
agent/author
agent/event
alias/CVE-2020-9972
agent/description
collector/nvd-index
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple macos big sur
canonical/apple catalina
canonical/apple mojave
canonical/apple tvos
canonical/apple ios
canonical/apple ipados
canonical/apple ipad os
canonical/apple iphone os
canonical/apple macos