CVE-2021-30743: Input Validation

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-30743.

Q: What is the title of this vulnerability?

The title of this vulnerability is "ImageIO. An out-of-bounds write was addressed with improved input validation."

Q: What is the description of this vulnerability?

The description of this vulnerability is "ImageIO. Processing a maliciously crafted image may lead to arbitrary code execution."

Q: Which software are affected by this vulnerability?

The software affected by this vulnerability are Apple iOS up to and excluding version 14.5, Apple iPadOS up to and excluding version 14.5, Apple watchOS up to and excluding version 7.4, Apple macOS Big Sur up to and excluding version 11.3, Apple Catalina, and Apple tvOS up to and excluding version 14.5.

Q: Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the following references: [link1](https://support.apple.com/en-us/HT212530), [link2](https://support.apple.com/en-us/HT212317), [link3](https://support.apple.com/en-us/HT212324).

Q: What is the Common Weakness Enumeration (CWE) ID for this vulnerability?

The Common Weakness Enumeration (CWE) ID for this vulnerability is 20.

Published Apr 26, 2021

Updated

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.

Other sources

ImageIO. An out-of-bounds write was addressed with improved input validation.

ImageIO. Processing a maliciously crafted image may lead to arbitrary code execution.

Credit

CFF(Topsec Alpha Team), an anonymous researcher, Jeonghoon Shin@@singi21a(THEORI working with Trend Micro Zero Day Initiative), Ye Zhang@@co0py_Cat(Baidu Security), Jzhu(Trend Micro Zero Day Initiative), Xingwei Lin(Ant Security Light)

Affected Software

29 affected componentsFixes available

Apple macOS Big Sur<11.3

11.3

Apple tvOS<14.5

14.5

Apple Catalina

Apple WatchOS<7.4

7.4

Apple iOS<14.5

14.5

Apple iPadOS<14.5

14.5

Apple iPadOS<14.5

Apple iPhone OS<14.5

Apple iOS and macOS=10.15

Apple iOS and macOS=10.15.1

Apple iOS and macOS=10.15.2

Apple iOS and macOS=10.15.3

Apple iOS and macOS=10.15.4

Apple iOS and macOS=10.15.5

Apple iOS and macOS=10.15.6

Apple iOS and macOS=10.15.6-supplemental_update

Apple iOS and macOS=10.15.7

Apple iOS and macOS=10.15.7-security_update_2020

Apple iOS and macOS=10.15.7-security_update_2020-001

Apple iOS and macOS=10.15.7-security_update_2020-005

Apple iOS and macOS=10.15.7-security_update_2020-007

Apple iOS and macOS=10.15.7-security_update_2021-001

Apple iOS and macOS=10.15.7-security_update_2021-002

Apple iOS and macOS=10.15.7-supplemental_update

Apple macOS>=11.0.1<11.3

Apple tvOS<14.5

Apple WatchOS<7.4

Event History

Sep 8, 2021

CVE Published

via MITRE·01:44 PM

Data Sourced

via MITRE·01:44 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2021-1853
CVE-2021-1849
CVE-2021-1867
CVE-2021-1810
CVE-2021-1808
CVE-2021-1857
CVE-2021-30752
CVE-2021-30664
CVE-2021-1846
CVE-2021-1809
CVE-2021-30659
CVE-2021-1847
CVE-2021-1811
CVE-2020-8284
CVE-2020-8286
CVE-2020-8285
CVE-2021-1784
CVE-2021-1872
CVE-2021-1881
CVE-2021-1882
CVE-2021-1813
CVE-2021-1883
CVE-2021-1884
CVE-2021-1880
CVE-2021-30653
CVE-2021-1814
CVE-2021-1843
CVE-2021-1885
CVE-2021-1858
CVE-2021-30743
CVE-2021-30658
CVE-2021-1841
CVE-2021-1834
CVE-2021-1860
CVE-2021-1840
CVE-2021-1851
CVE-2021-1832
CVE-2021-30660
CVE-2021-30652
CVE-2021-1875
CVE-2021-1824
CVE-2021-1859
CVE-2021-1876
CVE-2021-1815
CVE-2021-1739
CVE-2021-1740
CVE-2021-1861
CVE-2021-1855
CVE-2021-1868
CVE-2021-30750
CVE-2021-1878
CVE-2021-30657
CVE-2021-30856
CVE-2020-8037
CVE-2021-1839
CVE-2021-1825
CVE-2021-1817
CVE-2021-1826
CVE-2021-1820
CVE-2021-30661
CVE-2020-7463
CVE-2021-1828
CVE-2021-1829
CVE-2021-30655
CVE-2021-1770
CVE-2021-1873
CVE-2021-1836
CVE-2021-30764
CVE-2021-1864
CVE-2021-1816
CVE-2021-1822
CVE-2021-1844
CVE-2021-30676
CVE-2021-30678
CVE-2021-30688
CVE-2021-30669
CVE-2021-30685
CVE-2021-30686
CVE-2021-30681
CVE-2021-30724
CVE-2021-30673
CVE-2020-29629
CVE-2021-30684
CVE-2021-30735
CVE-2021-30710
CVE-2021-30697
CVE-2021-30683
CVE-2021-30687
CVE-2021-30701
CVE-2021-30705
CVE-2021-30728
CVE-2021-30719
CVE-2021-30726
CVE-2021-30704
CVE-2021-30715
CVE-2021-30739
CVE-2021-30702
CVE-2021-30696
CVE-2021-30819
CVE-2021-30723
CVE-2021-30691
CVE-2021-30694
CVE-2021-30692
CVE-2021-30746
CVE-2021-30693
CVE-2021-30695
CVE-2021-30708
CVE-2021-30709
CVE-2021-30725
CVE-2021-30679
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
CVE-2021-30737
CVE-2021-30716
CVE-2021-30717
CVE-2021-30712
CVE-2021-30721
CVE-2021-30722
CVE-2021-30671
CVE-2021-1807
CVE-2021-1835
CVE-2021-1837
CVE-2021-30742
CVE-2021-1812
CVE-2021-30656
CVE-2021-30662
CVE-2021-1877
CVE-2021-1852
CVE-2021-1830
CVE-2021-1874
CVE-2021-1833
CVE-2021-1865
CVE-2021-1863
CVE-2021-1831
CVE-2021-1862
CVE-2021-1854
CVE-2021-30921
CVE-2021-1848

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-30743.

What is the title of this vulnerability?

The title of this vulnerability is "ImageIO. An out-of-bounds write was addressed with improved input validation."

What is the description of this vulnerability?

The description of this vulnerability is "ImageIO. Processing a maliciously crafted image may lead to arbitrary code execution."

Which software are affected by this vulnerability?

The software affected by this vulnerability are Apple iOS up to and excluding version 14.5, Apple iPadOS up to and excluding version 14.5, Apple watchOS up to and excluding version 7.4, Apple macOS Big Sur up to and excluding version 11.3, Apple Catalina, and Apple tvOS up to and excluding version 14.5.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the following references: [link1](https://support.apple.com/en-us/HT212530), [link2](https://support.apple.com/en-us/HT212317), [link3](https://support.apple.com/en-us/HT212324).

What is the Common Weakness Enumeration (CWE) ID for this vulnerability?

The Common Weakness Enumeration (CWE) ID for this vulnerability is 20.

CVE-2021-30743: Input Validation

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

What is the title of this vulnerability?

What is the description of this vulnerability?

Which software are affected by this vulnerability?

Where can I find more information about this vulnerability?

What is the Common Weakness Enumeration (CWE) ID for this vulnerability?

Company

Resources

Contact