{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30860", "ASSIGNER": "product-security@apple.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Apple", "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "<", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "<", "version_value": "2021-005" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "<", "version_value": "7.6" } ] } }, { "product_name": "iOS", "version": { "version_data": [ { "version_affected": "<", "version_value": "14.8" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212804", "name": "https://support.apple.com/en-us/HT212804" }, { "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212805", "name": "https://support.apple.com/en-us/HT212805" }, { "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212807", "name": "https://support.apple.com/en-us/HT212807" }, { "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212806", "name": "https://support.apple.com/en-us/HT212806" }, { "refsource": "FULLDISC", "name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "url": "http://seclists.org/fulldisclosure/2021/Sep/28" }, { "refsource": "FULLDISC", "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "url": "http://seclists.org/fulldisclosure/2021/Sep/27" }, { "refsource": "FULLDISC", "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "url": "http://seclists.org/fulldisclosure/2021/Sep/25" }, { "refsource": "FULLDISC", "name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2", "url": "http://seclists.org/fulldisclosure/2021/Sep/26" }, { "refsource": "FULLDISC", "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "url": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { "refsource": "FULLDISC", "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "url": "http://seclists.org/fulldisclosure/2021/Sep/38" }, { "refsource": "FULLDISC", "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "url": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT212824", "url": "https://support.apple.com/kb/HT212824" }, { "refsource": "FULLDISC", "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "url": "http://seclists.org/fulldisclosure/2021/Sep/50" }, { "refsource": "MLIST", "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "refsource": "GENTOO", "name": "GLSA-202209-21", "url": "https://security.gentoo.org/glsa/202209-21" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] } }