CVE-2021-1772: Apple macOS CoreText TTF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.
Other sources
CoreText. A stack overflow was addressed with improved input validation.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of TTF fonts. A crafted TTF font can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-1761
- CVE-2021-1797
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1786
- CVE-2021-1787
- CVE-2021-1791
- CVE-2021-1758
- CVE-2021-1818
- CVE-2021-1766
- CVE-2021-1785
- CVE-2021-1744
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1773
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1778
- CVE-2021-1783
- CVE-2021-1757
- CVE-2021-1748
- CVE-2021-1764
- CVE-2021-1750
- CVE-2021-1782
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1789
- CVE-2021-1801
- CVE-2021-1799
- CVE-2020-27945
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1736
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1779
- CVE-2020-27904
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1765
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-30869
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1838
- CVE-2021-1756
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-1772.
What is the title of this vulnerability?
The title of this vulnerability is CoreText. A stack overflow was addressed with improved input validation.
What software versions are affected by this vulnerability?
macOS Big Sur 11.2, Apple Catalina, Apple Mojave, Apple watchOS up to 7.3, Apple iOS up to 14.4, Apple iPadOS up to 14.4, Apple tvOS up to 14.4 are affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned in the provided information.
How can this vulnerability be fixed?
This vulnerability can be fixed by updating the affected software to the recommended versions mentioned in the remediation links provided by Apple.