CVE-2021-1745: Input Validation
Published Jan 26, 2021
·Updated
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Other sources
Model I/O. An out-of-bounds read was addressed with improved input validation.
Credit
Mickey Jin & Junzhi Lu(Trend Micro working with Trend Micro), Mickey Jin & Junzhi Lu(Trend Micro working with Trend Micro)
Affected Software
25 affected componentsFixes available
Apple macOS Big Sur<11.2
11.2
Apple Catalina
Apple Mojave
Apple iOS<14.4
14.4
Apple iPadOS<14.4
14.4
Apple iPadOS<14.4
Apple iPhone OS<14.4
Apple iOS and macOS>=10.14<10.14.6
Apple iOS and macOS>=10.15<10.15.7
Apple iOS and macOS=10.14.6
Apple iOS and macOS=10.14.6-security_update_2019-001
Apple iOS and macOS=10.14.6-security_update_2019-002
Apple iOS and macOS=10.14.6-security_update_2020-001
Apple iOS and macOS=10.14.6-security_update_2020-002
Apple iOS and macOS=10.14.6-security_update_2020-003
Apple iOS and macOS=10.14.6-security_update_2020-004
Apple iOS and macOS=10.14.6-security_update_2020-005
Apple iOS and macOS=10.14.6-security_update_2020-006
Apple iOS and macOS=10.14.6-security_update_2020-007
Apple iOS and macOS=10.14.6-supplemental_update
Apple iOS and macOS=10.14.6-supplemental_update_2
Apple iOS and macOS=10.15.7
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-supplemental_update
Apple macOS>=11.0.1<11.2
Event History
Apr 2, 2021
CVE Published
via MITRE·05:47 PM
Data Sourced
via MITRE·05:47 PM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-1761
- CVE-2021-1797
- CVE-2020-27945
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1791
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2020-27904
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1838
- CVE-2021-1748
- CVE-2021-1756