CVE-2020-9883

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
appleicloud
𝑥
< 7.20
appleicloud
10.0 ≤
𝑥
< 11.3
appleitunes
𝑥
< 12.10.8
appleipados
𝑥
< 13.6
appleiphone_os
𝑥
< 13.6
applemac_os_x
10.13 ≤
𝑥
< 10.13.6
applemac_os_x
10.14 ≤
𝑥
< 10.14.6
applemac_os_x
10.15 ≤
𝑥
< 10.15.6
applemac_os_x
10.13.6
applemac_os_x
10.13.6:security_update_2018-002
applemac_os_x
10.13.6:security_update_2018-003
applemac_os_x
10.13.6:security_update_2019-001
applemac_os_x
10.13.6:security_update_2019-002
applemac_os_x
10.13.6:security_update_2019-003
applemac_os_x
10.13.6:security_update_2019-004
applemac_os_x
10.13.6:security_update_2019-005
applemac_os_x
10.13.6:security_update_2019-006
applemac_os_x
10.13.6:security_update_2019-007
applemac_os_x
10.13.6:security_update_2020-001
applemac_os_x
10.13.6:security_update_2020-002
applemac_os_x
10.13.6:security_update_2020-003
applemac_os_x
10.14.6
applemac_os_x
10.14.6:security_update_2019-001
applemac_os_x
10.14.6:security_update_2019-002
applemac_os_x
10.14.6:security_update_2019-004
applemac_os_x
10.14.6:security_update_2019-005
applemac_os_x
10.14.6:security_update_2019-006
applemac_os_x
10.14.6:security_update_2019-007
applemac_os_x
10.14.6:security_update_2020-001
applemac_os_x
10.14.6:security_update_2020-002
applemac_os_x
10.14.6:security_update_2020-003
applemacos
11.0 ≤
𝑥
< 11.0.1
applemacos
11.0.1
appletvos
𝑥
< 13.4.8
applewatchos
𝑥
< 6.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Dec/32
https://support.apple.com/kb/HT211288
https://support.apple.com/kb/HT211289
https://support.apple.com/kb/HT211290
https://support.apple.com/kb/HT211291
https://support.apple.com/kb/HT211293
https://support.apple.com/kb/HT211294
https://support.apple.com/kb/HT211295
https://support.apple.com/kb/HT211931
https://www.zerodayinitiative.com/advisories/ZDI-20-1389/
http://seclists.org/fulldisclosure/2020/Dec/32
https://support.apple.com/kb/HT211288
https://support.apple.com/kb/HT211289
https://support.apple.com/kb/HT211290
https://support.apple.com/kb/HT211291
https://support.apple.com/kb/HT211293
https://support.apple.com/kb/HT211294
https://support.apple.com/kb/HT211295
https://support.apple.com/kb/HT211931
https://www.zerodayinitiative.com/advisories/ZDI-20-1389/