CVE-2021-30743: Input Validation
First published: Mon Apr 26 2021(Updated: )
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.
Credit: CFF Topsec Alpha Teaman anonymous researcher Jeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day InitiativeYe Zhang @co0py_Cat Baidu SecurityJzhu Trend Micro Zero Day InitiativeXingwei Lin Ant Security Light product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <11.3 | 11.3 |
| tvOS | <14.5 | 14.5 |
| macOS Catalina | ||
| Apple iOS, iPadOS, and watchOS | <14.5 | 14.5 |
| Apple iOS, iPadOS, and watchOS | <14.5 | 14.5 |
| Apple iOS, iPadOS, and watchOS | <7.4 | 7.4 |
| Apple iOS, iPadOS, and watchOS | <14.5 | |
| iOS | <14.5 | |
| Apple iOS and macOS | =10.15 | |
| Apple iOS and macOS | =10.15.1 | |
| Apple iOS and macOS | =10.15.2 | |
| Apple iOS and macOS | =10.15.3 | |
| Apple iOS and macOS | =10.15.4 | |
| Apple iOS and macOS | =10.15.5 | |
| Apple iOS and macOS | =10.15.6 | |
| Apple iOS and macOS | =10.15.6 | |
| Apple iOS and macOS | =10.15.6-supplemental_update | |
| Apple iOS and macOS | =10.15.7 | |
| Apple iOS and macOS | =10.15.7 | |
| Apple iOS and macOS | =10.15.7-security_update_2020 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-005 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-007 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-002 | |
| Apple iOS and macOS | =10.15.7-supplemental_update | |
| Apple iOS and macOS | >=11.0.1<11.3 | |
| tvOS | <14.5 | |
| Apple iOS, iPadOS, and watchOS | <7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1853
- CVE-2021-1849
- CVE-2021-1867
- CVE-2021-1810
- CVE-2021-1808
- CVE-2021-1857
- CVE-2021-30752
- CVE-2021-30664
- CVE-2021-1846
- CVE-2021-1809
- CVE-2021-30659
- CVE-2021-1847
- CVE-2021-1811
- CVE-2020-8284
- CVE-2020-8286
- CVE-2020-8285
- CVE-2021-1784
- CVE-2021-1872
- CVE-2021-1881
- CVE-2021-1882
- CVE-2021-1813
- CVE-2021-1883
- CVE-2021-1884
- CVE-2021-1880
- CVE-2021-30653
- CVE-2021-1814
- CVE-2021-1843
- CVE-2021-1885
- CVE-2021-1858
- CVE-2021-30743
- CVE-2021-30658
- CVE-2021-1841
- CVE-2021-1834
- CVE-2021-1860
- CVE-2021-1840
- CVE-2021-1851
- CVE-2021-1832
- CVE-2021-30660
- CVE-2021-30652
- CVE-2021-1875
- CVE-2021-1824
- CVE-2021-1859
- CVE-2021-1876
- CVE-2021-1815
- CVE-2021-1739
- CVE-2021-1740
- CVE-2021-1861
- CVE-2021-1855
- CVE-2021-1868
- CVE-2021-30750
- CVE-2021-1878
- CVE-2021-30657
- CVE-2021-30856
- CVE-2020-8037
- CVE-2021-1839
- CVE-2021-1825
- CVE-2021-1817
- CVE-2021-1826
- CVE-2021-1820
- CVE-2021-30661
- CVE-2020-7463
- CVE-2021-1828
- CVE-2021-1829
- CVE-2021-30655
- CVE-2021-1770
- CVE-2021-1873
- CVE-2021-1836
- CVE-2021-30764
- CVE-2021-1864
- CVE-2021-1816
- CVE-2021-1822
- CVE-2021-1844
- CVE-2021-30676
- CVE-2021-30678
- CVE-2021-30688
- CVE-2021-30669
- CVE-2021-30685
- CVE-2021-30686
- CVE-2021-30681
- CVE-2021-30724
- CVE-2021-30673
- CVE-2020-29629
- CVE-2021-30684
- CVE-2021-30735
- CVE-2021-30710
- CVE-2021-30697
- CVE-2021-30683
- CVE-2021-30687
- CVE-2021-30701
- CVE-2021-30705
- CVE-2021-30728
- CVE-2021-30719
- CVE-2021-30726
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30739
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30819
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30694
- CVE-2021-30692
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-30725
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36229
- CVE-2020-36225
- CVE-2020-36224
- CVE-2020-36223
- CVE-2020-36227
- CVE-2020-36228
- CVE-2020-36221
- CVE-2020-36222
- CVE-2020-36230
- CVE-2021-30737
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30712
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30671
- CVE-2021-1835
- CVE-2021-1837
- CVE-2021-30742
- CVE-2021-1812
- CVE-2021-30656
- CVE-2021-30662
- CVE-2021-1877
- CVE-2021-1852
- CVE-2021-1830
- CVE-2021-1874
- CVE-2021-1833
- CVE-2021-1865
- CVE-2021-1863
- CVE-2021-1807
- CVE-2021-1831
- CVE-2021-1862
- CVE-2021-1854
- CVE-2021-30921
- CVE-2021-1848
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-30743.
What is the title of this vulnerability?
The title of this vulnerability is "ImageIO. An out-of-bounds write was addressed with improved input validation."
What is the description of this vulnerability?
The description of this vulnerability is "ImageIO. Processing a maliciously crafted image may lead to arbitrary code execution."
Which software are affected by this vulnerability?
The software affected by this vulnerability are Apple iOS up to and excluding version 14.5, Apple iPadOS up to and excluding version 14.5, Apple watchOS up to and excluding version 7.4, Apple macOS Big Sur up to and excluding version 11.3, Apple Catalina, and Apple tvOS up to and excluding version 14.5.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the following references: [link1](https://support.apple.com/en-us/HT212530), [link2](https://support.apple.com/en-us/HT212317), [link3](https://support.apple.com/en-us/HT212324).
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for this vulnerability is 20.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/source
- agent/author
- source/Apple
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/macos catalina
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/10.15
- version/apple ios and macos/10.15.1
- version/apple ios and macos/10.15.2
- version/apple ios and macos/10.15.3
- version/apple ios and macos/10.15.4
- version/apple ios and macos/10.15.5
- version/apple ios and macos/10.15.6
- version/apple ios and macos/10.15.6-supplemental_update
- version/apple ios and macos/10.15.7
- version/apple ios and macos/10.15.7-security_update_2020
- version/apple ios and macos/10.15.7-security_update_2020-001
- version/apple ios and macos/10.15.7-security_update_2020-005
- version/apple ios and macos/10.15.7-security_update_2020-007
- version/apple ios and macos/10.15.7-security_update_2021-001
- version/apple ios and macos/10.15.7-security_update_2021-002
- version/apple ios and macos/10.15.7-supplemental_update
- version/apple ios and macos/11.0.1