What is CVE-2021-30785?

CVE-2021-30785 is a vulnerability in ImageIO that allows a buffer overflow due to insufficient bounds checking.

What software products are affected by CVE-2021-30785?

CVE-2021-30785 affects Apple watchOS up to version 7.6, Apple tvOS up to version 14.7, Apple iTunes for Windows up to version 12.11.4, Apple Catalina, Apple macOS Big Sur up to version 11.5, and Apple iCloud for Windows up to version 12.5.

How severe is CVE-2021-30785?

The severity of CVE-2021-30785 is not specified in the provided information.

How can I fix CVE-2021-30785?

To fix CVE-2021-30785, you should update your affected software to the latest version provided by Apple.

Where can I find more information about CVE-2021-30785?

You can find more information about CVE-2021-30785 on the Apple support website.

Vulnerability/
CVE-2021-30785

high

7.8

CWE

119 120

19/7/2021

8/9/2021

3/8/2024

CVE-2021-30785: Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Mon Jul 19 2021(Updated: )

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.

Credit: Mickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend Micro working with Trend Micro Zero Day InitiativeCFF Topsec Alpha TeamMickey Jin @patch1t Trend MicroCFF Topsec Alpha TeamMickey Jin @patch1t Trend Micro product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iCloud for Windows	<12.5	12.5
Apple iTunes for Windows	<12.11.4	12.11.4
Apple iPhone OS	<14.7
Apple Mac OS X	>=10.15<=10.15.6
Apple Mac OS X	=10.15.7
Apple Mac OS X	=10.15.7-security_update_2020
Apple Mac OS X	=10.15.7-security_update_2020-001
Apple Mac OS X	=10.15.7-security_update_2020-005
Apple Mac OS X	=10.15.7-security_update_2020-007
Apple Mac OS X	=10.15.7-security_update_2021-001
Apple Mac OS X	=10.15.7-security_update_2021-002
Apple Mac OS X	=10.15.7-security_update_2021-003
Apple Mac OS X	=10.15.7-supplemental_update
Apple macOS	<11.5
Apple tvOS	<14.7
Apple watchOS	<7.6
Apple watchOS	<7.6	7.6
Apple tvOS	<14.7	14.7
Apple Catalina
Apple macOS Big Sur	<11.5	11.5
Apple macOS

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-30785?
CVE-2021-30785 is a vulnerability in ImageIO that allows a buffer overflow due to insufficient bounds checking.
What software products are affected by CVE-2021-30785?
CVE-2021-30785 affects Apple watchOS up to version 7.6, Apple tvOS up to version 14.7, Apple iTunes for Windows up to version 12.11.4, Apple Catalina, Apple macOS Big Sur up to version 11.5, and Apple iCloud for Windows up to version 12.5.
How severe is CVE-2021-30785?
The severity of CVE-2021-30785 is not specified in the provided information.
How can I fix CVE-2021-30785?
To fix CVE-2021-30785, you should update your affected software to the latest version provided by Apple.
Where can I find more information about CVE-2021-30785?
You can find more information about CVE-2021-30785 on the Apple support website.

collector/apple-support
agent/type
agent/softwarecombine
agent/first-publish-date
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/title
agent/weakness
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/event
agent/tags
collector/zdi-advisory
source/ZDI
alias/ZDI-22-353
alias/ZDI-CAN-13806
alias/CVE-2021-30785
agent/software-canonical-lookup
vendor/apple
canonical/apple icloud for windows
canonical/apple itunes for windows
canonical/apple catalina
canonical/apple macos big sur
canonical/apple watchos
canonical/apple iphone os
canonical/apple mac os x
version/apple mac os x/10.15
version/apple mac os x/10.15.6
version/apple mac os x/10.15.7
version/apple mac os x/10.15.7-security_update_2020
version/apple mac os x/10.15.7-security_update_2020-001
version/apple mac os x/10.15.7-security_update_2020-005
version/apple mac os x/10.15.7-security_update_2020-007
version/apple mac os x/10.15.7-security_update_2021-001
version/apple mac os x/10.15.7-security_update_2021-002
version/apple mac os x/10.15.7-security_update_2021-003
version/apple mac os x/10.15.7-supplemental_update
canonical/apple macos
canonical/apple tvos

CVE-2021-30785: Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is CVE-2021-30785?

What software products are affected by CVE-2021-30785?

How severe is CVE-2021-30785?

How can I fix CVE-2021-30785?

Where can I find more information about CVE-2021-30785?

Company

Resources

Contact