CVE-2020-3870

EUVD-2020-25135
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
appleipados
𝑥
< 13.3.1
appleiphone_os
𝑥
< 13.3.1
applemac_os_x
𝑥
< 10.15.3
appletvos
𝑥
< 13.3.1
applewatchos
𝑥
< 6.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.apple.com/HT210918
https://support.apple.com/HT210919
https://support.apple.com/HT210920
https://support.apple.com/HT210921
https://support.apple.com/HT210918
https://support.apple.com/HT210919
https://support.apple.com/HT210920
https://support.apple.com/HT210921