CVE-2020-29629: Input Validation

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-29629.

Q: What is the title of this vulnerability?

The title of this vulnerability is FontParser. An out-of-bounds read was addressed with improved input validation.

Q: Which software versions are affected by this vulnerability?

The following software versions are affected: Apple tvOS up to version 14.0, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, Apple Catalina, Apple macOS Big Sur up to version 11.0.1, and Apple watchOS up to version 7.0.

Q: How was this vulnerability addressed?

This vulnerability was addressed with improved input validation.

Q: Where can I find more information about this vulnerability?

You can find more information about this vulnerability at the following references: [Link 1](https://support.apple.com/en-us/HT212530), [Link 2](https://support.apple.com/en-us/HT211843), and [Link 3](https://support.apple.com/en-us/HT211844).

Published Sep 16, 2020

Updated

FontParser. An out-of-bounds read was addressed with improved input validation.

Other sources

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory.

Credit

an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher

Affected Software

7 affected componentsFixes available

Apple macOS Big Sur<11.0.1

11.0.1

Apple tvOS<14.0

14.0

Apple Catalina

Apple WatchOS<7.0

7.0

Apple macOS<11.0.1

Apple iOS<14.0

14.0

Apple iPadOS<14.0

14.0

Event History

Oct 28, 2021

CVE Published

via MITRE·06:16 PM

Data Sourced

via MITRE·06:16 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2020-27914
CVE-2020-27915
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-27945
CVE-2020-27908
CVE-2020-27909
CVE-2020-9960
CVE-2020-10017
CVE-2020-9949
CVE-2020-9897
CVE-2020-9883
CVE-2020-10003
CVE-2020-27922
CVE-2020-9999
CVE-2020-27937
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-36615
CVE-2021-1790
CVE-2021-1775
CVE-2020-29629
CVE-2020-27942
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27930
CVE-2020-27927
CVE-2020-29639
CVE-2020-10002
CVE-2020-9978
CVE-2020-9955
CVE-2020-27924
CVE-2020-27912
CVE-2020-27923
CVE-2020-9876
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-27919
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27920
CVE-2020-27911
CVE-2020-9971
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-10011
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27901
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9987
CVE-2021-1803
CVE-2020-9969
CVE-2020-27893
CVE-2021-1755
CVE-2020-10005
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-27899
CVE-2020-10009
CVE-2020-10008
CVE-2020-27918
CVE-2020-9947
CVE-2020-9950
CVE-2020-27898
CVE-2020-27935
CVE-2020-10006
CVE-2020-9979
CVE-2020-9954
CVE-2020-36521
CVE-2020-9961
CVE-2020-9976
CVE-2020-9981
CVE-2020-9968
CVE-2020-9951
CVE-2020-9983
CVE-2020-9952
CVE-2020-10013
CVE-2021-30676
CVE-2021-30678
CVE-2021-30688
CVE-2021-30669
CVE-2021-30685
CVE-2021-30686
CVE-2021-30681
CVE-2021-30724
CVE-2021-30673
CVE-2021-30684
CVE-2021-30735
CVE-2021-30710
CVE-2021-1884
CVE-2021-1883
CVE-2021-30697
CVE-2021-30683
CVE-2021-30687
CVE-2021-30701
CVE-2021-30743
CVE-2021-30705
CVE-2021-30728
CVE-2021-30719
CVE-2021-30726
CVE-2021-30704
CVE-2021-30715
CVE-2021-30739
CVE-2021-30702
CVE-2021-30696
CVE-2021-30819
CVE-2021-30723
CVE-2021-30691
CVE-2021-30694
CVE-2021-30692
CVE-2021-30746
CVE-2021-30693
CVE-2021-30695
CVE-2021-30708
CVE-2021-30709
CVE-2021-30725
CVE-2021-30679
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
CVE-2021-30737
CVE-2021-30716
CVE-2021-30717
CVE-2021-30712
CVE-2021-30721
CVE-2021-30722
CVE-2021-30671
CVE-2020-9946
CVE-2020-9993
CVE-2020-9958
CVE-2020-9773
CVE-2020-9992
CVE-2020-9964
CVE-2020-13520
CVE-2020-6147
CVE-2020-9972
CVE-2020-9973
CVE-2020-9959

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-29629.

What is the title of this vulnerability?

The title of this vulnerability is FontParser. An out-of-bounds read was addressed with improved input validation.

Which software versions are affected by this vulnerability?

The following software versions are affected: Apple tvOS up to version 14.0, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, Apple Catalina, Apple macOS Big Sur up to version 11.0.1, and Apple watchOS up to version 7.0.

How was this vulnerability addressed?

This vulnerability was addressed with improved input validation.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability at the following references: [Link 1](https://support.apple.com/en-us/HT212530), [Link 2](https://support.apple.com/en-us/HT211843), and [Link 3](https://support.apple.com/en-us/HT211844).

CVE-2020-29629: Input Validation

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this issue?

What is the title of this vulnerability?

Which software versions are affected by this vulnerability?

How was this vulnerability addressed?

Where can I find more information about this vulnerability?

Company

Resources

Contact