What is CVE-2021-30771?

CVE-2021-30771 is a vulnerability in FontParser that allows an attacker to perform an out-of-bounds write.

How does CVE-2021-30771 affect Apple tvOS?

Apple tvOS up to version 14.6 is affected by CVE-2021-30771.

How does CVE-2021-30771 affect Apple watchOS?

Apple watchOS up to version 7.5 is affected by CVE-2021-30771.

How does CVE-2021-30771 affect Apple macOS Big Sur?

Apple macOS Big Sur up to version 11.4 is affected by CVE-2021-30771.

How does CVE-2021-30771 affect Apple iOS?

Apple iOS up to version 14.6 is affected by CVE-2021-30771.

How does CVE-2021-30771 affect Apple iPadOS?

Apple iPadOS up to version 14.6 is affected by CVE-2021-30771.

What is the severity of CVE-2021-30771?

The severity of CVE-2021-30771 is not specified.

How do I fix CVE-2021-30771 on Apple tvOS?

To fix CVE-2021-30771 on Apple tvOS, update to version 14.6 or later.

How do I fix CVE-2021-30771 on Apple watchOS?

To fix CVE-2021-30771 on Apple watchOS, update to version 7.5 or later.

How do I fix CVE-2021-30771 on Apple macOS Big Sur?

To fix CVE-2021-30771 on Apple macOS Big Sur, update to version 11.4 or later.

How do I fix CVE-2021-30771 on Apple iOS?

To fix CVE-2021-30771 on Apple iOS, update to version 14.6 or later.

How do I fix CVE-2021-30771 on Apple iPadOS?

To fix CVE-2021-30771 on Apple iPadOS, update to version 14.6 or later.

Vulnerability/
CVE-2021-30771

high

7.8

CWE

20 787

24/5/2021

18/3/2022

25/5/2022

CVE-2021-30771: Input Validation

First published: Mon May 24 2021(Updated: )

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.

Credit: Mickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroCFF Topsec Alpha Team product-security@apple.com

Affected Software	Affected Version	How to fix
Apple watchOS	<7.5	7.5
Apple macOS Big Sur	<11.4	11.4
Apple iOS	<14.6	14.6
Apple iPadOS	<14.6	14.6
Apple tvOS	<14.6	14.6
Apple iPadOS	<14.6
Apple iPhone OS	<14.6
Apple macOS	>=11.0<11.4
Apple tvOS	<14.6
Apple watchOS	<7.5

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212528 (Advisory)
https://support.apple.com/en-us/HT212529 (Advisory)
https://support.apple.com/en-us/HT212532 (Advisory)
https://support.apple.com/en-us/HT212533 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2021-30707
CVE-2021-30685
CVE-2021-30714
CVE-2021-30729
CVE-2021-30681
CVE-2021-30686
CVE-2021-30733
CVE-2021-30753
CVE-2021-30727
CVE-2021-30724
CVE-2021-30771
CVE-2021-30697
CVE-2021-30710
CVE-2021-30687
CVE-2021-30700
CVE-2021-30701
CVE-2021-30705
CVE-2021-30706
CVE-2021-30740
CVE-2021-30674
CVE-2021-30704
CVE-2021-30715
CVE-2021-30736
CVE-2021-30703
CVE-2021-30677
CVE-2021-30741
CVE-2021-30756
CVE-2021-30723
CVE-2021-30691
CVE-2021-30692
CVE-2021-30694
CVE-2021-30725
CVE-2021-30746
CVE-2021-30693
CVE-2021-30695
CVE-2021-30708
CVE-2021-30709
CVE-2021-1821
CVE-2021-30699
CVE-2021-30999
CVE-2021-30737
CVE-2021-30744
CVE-2021-21779
CVE-2021-30682
CVE-2021-30689
CVE-2021-30749
CVE-2021-30734
CVE-2021-30720
CVE-2021-23841
CVE-2021-30698
CVE-2021-30667
CVE-2021-30678
CVE-2021-30676
CVE-2021-30688
CVE-2021-30669
CVE-2021-30672
CVE-2021-30673
CVE-2021-30755
CVE-2021-30684
CVE-2021-30735
CVE-2021-30683
CVE-2021-30719
CVE-2021-30728
CVE-2021-30726
CVE-2021-30731
CVE-2021-30739
CVE-2021-30680
CVE-2021-30702
CVE-2021-30696
CVE-2021-30679
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
CVE-2021-30738
CVE-2021-30751
CVE-2021-30716
CVE-2021-30717
CVE-2021-30721
CVE-2021-30722
CVE-2021-30712
CVE-2021-30668
CVE-2021-30718
CVE-2021-30671
CVE-2021-30713
CVE-2021-30665
CVE-2021-30663

Frequently Asked Questions

What is CVE-2021-30771?
CVE-2021-30771 is a vulnerability in FontParser that allows an attacker to perform an out-of-bounds write.
How does CVE-2021-30771 affect Apple tvOS?
Apple tvOS up to version 14.6 is affected by CVE-2021-30771.
How does CVE-2021-30771 affect Apple watchOS?
Apple watchOS up to version 7.5 is affected by CVE-2021-30771.
How does CVE-2021-30771 affect Apple macOS Big Sur?
Apple macOS Big Sur up to version 11.4 is affected by CVE-2021-30771.
How does CVE-2021-30771 affect Apple iOS?
Apple iOS up to version 14.6 is affected by CVE-2021-30771.
How does CVE-2021-30771 affect Apple iPadOS?
Apple iPadOS up to version 14.6 is affected by CVE-2021-30771.
What is the severity of CVE-2021-30771?
The severity of CVE-2021-30771 is not specified.
How do I fix CVE-2021-30771 on Apple tvOS?
To fix CVE-2021-30771 on Apple tvOS, update to version 14.6 or later.
How do I fix CVE-2021-30771 on Apple watchOS?
To fix CVE-2021-30771 on Apple watchOS, update to version 7.5 or later.
How do I fix CVE-2021-30771 on Apple macOS Big Sur?
To fix CVE-2021-30771 on Apple macOS Big Sur, update to version 11.4 or later.
How do I fix CVE-2021-30771 on Apple iOS?
To fix CVE-2021-30771 on Apple iOS, update to version 14.6 or later.
How do I fix CVE-2021-30771 on Apple iPadOS?
To fix CVE-2021-30771 on Apple iPadOS, update to version 14.6 or later.

collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
vendor/apple
canonical/apple ios
canonical/apple ipados
canonical/apple macos big sur
canonical/apple tvos
canonical/apple watchos
canonical/apple iphone os
canonical/apple macos
version/apple macos/11.0