CVE-2021-30743: Input Validation
First published: Mon Apr 26 2021(Updated: )
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.
Credit: CFF Topsec Alpha TeamYe Zhang @co0py_Cat Baidu Security Jeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day InitiativeYe Zhang @co0py_Cat Baidu SecurityCFF Topsec Alpha TeamJzhu Trend Micro Zero Day InitiativeXingwei Lin Ant Security LightCFF Topsec Alpha TeamJeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day InitiativeJzhu Trend Micro Zero Day InitiativeYe Zhang @co0py_Cat Baidu SecurityJzhu Trend Micro Zero Day InitiativeXingwei Lin Ant Security LightCFF Topsec Alpha TeamJeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day InitiativeYe Zhang @co0py_Cat Baidu SecurityCFF Topsec Alpha TeamJzhu Trend Micro Zero Day InitiativeXingwei Lin Ant Security LightCFF Topsec Alpha TeamJeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day InitiativeCFF Topsec Alpha Teaman anonymous researcher Jeonghoon Shin @singi21a THEORI working with Trend Micro Zero Day Initiative product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <14.5 | 14.5 |
| Apple iPadOS | <14.5 | 14.5 |
| Apple tvOS | <14.5 | 14.5 |
| <7.4 | 7.4 | |
| Apple macOS Big Sur | <11.3 | 11.3 |
| Apple Catalina | ||
| Apple iPadOS | <14.5 | |
| Apple iPhone OS | <14.5 | |
| Apple Mac OS X | =10.15 | |
| Apple Mac OS X | =10.15.1 | |
| Apple Mac OS X | =10.15.2 | |
| Apple Mac OS X | =10.15.3 | |
| Apple Mac OS X | =10.15.4 | |
| Apple Mac OS X | =10.15.5 | |
| Apple Mac OS X | =10.15.6 | |
| Apple Mac OS X | =10.15.6 | |
| Apple Mac OS X | =10.15.6-supplemental_update | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0.1<11.3 | |
| Apple tvOS | <14.5 | |
| Apple watchOS | <7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30676
- CVE-2021-30678
- CVE-2021-30688
- CVE-2021-30669
- CVE-2021-30685
- CVE-2021-30686
- CVE-2021-30681
- CVE-2021-30724
- CVE-2021-30673
- CVE-2020-29629
- CVE-2021-30684
- CVE-2021-30735
- CVE-2021-30710
- CVE-2021-1884
- CVE-2021-1883
- CVE-2021-30697
- CVE-2021-30683
- CVE-2021-30687
- CVE-2021-30701
- CVE-2021-30743
- CVE-2021-30705
- CVE-2021-30728
- CVE-2021-30719
- CVE-2021-30726
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30739
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30819
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30694
- CVE-2021-30692
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-30725
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36229
- CVE-2020-36225
- CVE-2020-36224
- CVE-2020-36223
- CVE-2020-36227
- CVE-2020-36228
- CVE-2020-36221
- CVE-2020-36222
- CVE-2020-36230
- CVE-2021-30737
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30712
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30671
- CVE-2021-1853
- CVE-2021-1849
- CVE-2021-1867
- CVE-2021-1810
- CVE-2021-1808
- CVE-2021-1857
- CVE-2021-30752
- CVE-2021-30664
- CVE-2021-1846
- CVE-2021-1809
- CVE-2021-30659
- CVE-2021-1847
- CVE-2021-1811
- CVE-2020-8284
- CVE-2020-8286
- CVE-2020-8285
- CVE-2021-1784
- CVE-2021-1872
- CVE-2021-1881
- CVE-2021-1882
- CVE-2021-1813
- CVE-2021-1880
- CVE-2021-30653
- CVE-2021-1814
- CVE-2021-1843
- CVE-2021-1885
- CVE-2021-1858
- CVE-2021-30658
- CVE-2021-1841
- CVE-2021-1834
- CVE-2021-1860
- CVE-2021-1840
- CVE-2021-1851
- CVE-2021-1832
- CVE-2021-30660
- CVE-2021-30652
- CVE-2021-1875
- CVE-2021-1824
- CVE-2021-1859
- CVE-2021-1876
- CVE-2021-1815
- CVE-2021-1739
- CVE-2021-1740
- CVE-2021-1861
- CVE-2021-1855
- CVE-2021-1868
- CVE-2021-30750
- CVE-2021-1878
- CVE-2021-30657
- CVE-2021-30856
- CVE-2020-8037
- CVE-2021-1839
- CVE-2021-1825
- CVE-2021-1817
- CVE-2021-1826
- CVE-2021-1820
- CVE-2021-30661
- CVE-2020-7463
- CVE-2021-1828
- CVE-2021-1829
- CVE-2021-30655
- CVE-2021-1770
- CVE-2021-1873
- CVE-2021-1836
- CVE-2021-30764
- CVE-2021-1864
- CVE-2021-1816
- CVE-2021-1822
- CVE-2021-1844
- CVE-2021-1807
- CVE-2021-1835
- CVE-2021-1837
- CVE-2021-30742
- CVE-2021-1812
- CVE-2021-30656
- CVE-2021-30662
- CVE-2021-1877
- CVE-2021-1852
- CVE-2021-1830
- CVE-2021-1874
- CVE-2021-1833
- CVE-2021-1865
- CVE-2021-1863
- CVE-2021-1831
- CVE-2021-1862
- CVE-2021-1854
- CVE-2021-30921
- CVE-2021-1848
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-30743.
What is the title of this vulnerability?
The title of this vulnerability is "ImageIO. An out-of-bounds write was addressed with improved input validation."
What is the description of this vulnerability?
The description of this vulnerability is "ImageIO. Processing a maliciously crafted image may lead to arbitrary code execution."
Which software are affected by this vulnerability?
The software affected by this vulnerability are Apple iOS up to and excluding version 14.5, Apple iPadOS up to and excluding version 14.5, Apple watchOS up to and excluding version 7.4, Apple macOS Big Sur up to and excluding version 11.3, Apple Catalina, and Apple tvOS up to and excluding version 14.5.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the following references: [link1](https://support.apple.com/en-us/HT212530), [link2](https://support.apple.com/en-us/HT212317), [link3](https://support.apple.com/en-us/HT212324).
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for this vulnerability is 20.
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/event
- source/Apple
- agent/software-canonical-lookup
- agent/description
- agent/tags
- agent/references
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple catalina
- canonical/apple macos big sur
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.15
- version/apple mac os x/10.15.1
- version/apple mac os x/10.15.2
- version/apple mac os x/10.15.3
- version/apple mac os x/10.15.4
- version/apple mac os x/10.15.5
- version/apple mac os x/10.15.6
- version/apple mac os x/10.15.6-supplemental_update
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0.1
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple ios