CVE-2021-30939: Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Aug 24 2021(Updated: )
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.
Credit: Mickey Jin @patch1t Trend MicroJaewon Min Cisco TalosRui Yang Xingwei Lin Ant Security Light cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <11.6.2 | 11.6.2 |
| tvOS | <15.2 | 15.2 |
| macOS Catalina | ||
| Apple iOS, iPadOS, and watchOS | <8.3 | 8.3 |
| macOS | <12.1 | 12.1 |
| macOS | ||
| Apple iOS and iPadOS | <15.2 | 15.2 |
| Apple iOS, iPadOS, and macOS | <15.2 | 15.2 |
| Apple iOS, iPadOS, and macOS | <15.2 | |
| iPhone OS | <15.2 | |
| Apple iOS and macOS | >=10.15<10.15.7 | |
| Apple iOS and macOS | =10.15.7 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-005 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-007 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-002 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-003 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-004 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-005 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-006 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-007 | |
| macOS | >=11.0<11.6.2 | |
| macOS | >=12.0<12.1 | |
| tvOS | <15.2 | |
| Apple iOS, iPadOS, and watchOS | <8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212975 (Advisory)
- https://support.apple.com/en-us/HT212976 (Advisory)
- https://support.apple.com/en-us/HT212978 (Advisory)
- https://support.apple.com/en-us/HT212979 (Advisory)
- https://support.apple.com/en-us/HT212980 (Advisory)
- https://support.apple.com/en-us/HT212981 (Advisory)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1414
- https://www.zerodayinitiative.com/advisories/ZDI-22-359/
- https://support.apple.com/HT212979
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30950
- CVE-2021-30931
- CVE-2021-30935
- CVE-2021-30942
- CVE-2021-30957
- CVE-2021-30962
- CVE-2021-30959
- CVE-2021-30961
- CVE-2021-30963
- CVE-2021-30958
- CVE-2021-30945
- CVE-2021-31007
- CVE-2021-31013
- CVE-2021-30895
- CVE-2021-30977
- CVE-2021-30969
- CVE-2021-30939
- CVE-2021-30981
- CVE-2021-30982
- CVE-2021-30927
- CVE-2021-30980
- CVE-2021-30937
- CVE-2021-30949
- CVE-2021-30990
- CVE-2021-30976
- CVE-2021-30929
- CVE-2021-30979
- CVE-2021-30940
- CVE-2021-30941
- CVE-2021-30973
- CVE-2021-30971
- CVE-2021-30995
- CVE-2021-30968
- CVE-2021-30947
- CVE-2021-30946
- CVE-2021-30975
- CVE-2021-31002
- CVE-2021-30767
- CVE-2021-30970
- CVE-2021-30965
- CVE-2021-30938
- CVE-2021-30960
- CVE-2021-30966
- CVE-2021-30926
- CVE-2021-31000
- CVE-2021-30916
- CVE-2021-30993
- CVE-2021-30955
- CVE-2021-30944
- CVE-2021-30934
- CVE-2021-30936
- CVE-2021-30951
- CVE-2021-30952
- CVE-2021-30984
- CVE-2021-30953
- CVE-2021-30954
- CVE-2021-30943
- CVE-2021-30964
- CVE-2021-30987
- CVE-2021-30986
- CVE-2021-30996
- CVE-2021-31009
- CVE-2021-30972
- CVE-2021-30956
- CVE-2021-30992
- CVE-2021-30983
- CVE-2021-30985
- CVE-2021-30991
- CVE-2021-30998
- CVE-2021-30997
- CVE-2021-30967
- CVE-2021-30988
- CVE-2021-30932
- CVE-2021-30948
Frequently Asked Questions
What is CVE-2021-30939?
CVE-2021-30939 is a vulnerability in Apple macOS that allows remote attackers to disclose sensitive information.
How severe is CVE-2021-30939?
CVE-2021-30939 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2021-30939?
CVE-2021-30939 affects Apple macOS Monterey 12.1, tvOS 15.2, watchOS 8.3, macOS Big Sur 11.6.2, iOS 15.2, and iPadOS 15.2.
How can CVE-2021-30939 be exploited?
Exploiting CVE-2021-30939 requires interaction with the ImageIO library, and the attack vectors may vary depending on the implementation.
Are there any remediation steps available for CVE-2021-30939?
Yes, Apple has released security updates to address CVE-2021-30939. Please refer to the official Apple advisory for more information.
- agent/type
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-359
- alias/ZDI-CAN-15199
- alias/CVE-2021-30939
- agent/software-canonical-lookup
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/macos catalina
- canonical/apple ios, ipados, and watchos
- canonical/macos
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos
- canonical/iphone os
- canonical/apple ios and macos
- version/apple ios and macos/10.15
- version/apple ios and macos/10.15.7
- version/apple ios and macos/10.15.7-security_update_2020-001
- version/apple ios and macos/10.15.7-security_update_2020-005
- version/apple ios and macos/10.15.7-security_update_2020-007
- version/apple ios and macos/10.15.7-security_update_2021-001
- version/apple ios and macos/10.15.7-security_update_2021-002
- version/apple ios and macos/10.15.7-security_update_2021-003
- version/apple ios and macos/10.15.7-security_update_2021-004
- version/apple ios and macos/10.15.7-security_update_2021-005
- version/apple ios and macos/10.15.7-security_update_2021-006
- version/apple ios and macos/10.15.7-security_update_2021-007
- version/macos/11.0
- version/macos/12.0