{ "id": "CVE-2020-27943", "sourceIdentifier": "product-security@apple.com", "published": "2021-04-02T18:15:16.513", "lastModified": "2022-06-28T14:11:45.273", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution." }, { "lang": "es", "value": "Se present\u00f3 un problema de corrupci\u00f3n de memoria en un procesamiento de archivos de fuentes. Este problema es abordado con una comprobaci\u00f3n de la entrada mejorada. Este problema es corregido en tvOS versi\u00f3n 14.3, iOS versi\u00f3n 14.3 y iPadOS versi\u00f3n 14.3, macOS Big Sur versi\u00f3n 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS versi\u00f3n 7.2. El procesamiento de un archivo fuente dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.3", "matchCriteriaId": "54B6B3BF-0BE3-4975-AF60-85F781618539" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.3", "matchCriteriaId": "8B16DB0D-3DD4-492A-9D99-670C7B6136EA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.0", "matchCriteriaId": "9586416D-BC81-4491-80C1-B8E7D4DBBCBA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.3", "matchCriteriaId": "24E35E29-5575-4EEB-B8A6-D333149E4B3F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2", "matchCriteriaId": "EBB77299-35F0-4730-9853-D939C77E3FBE" } ] } ] } ], "references": [ { "url": "https://support.apple.com/en-us/HT212003", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT212005", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT212009", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT212011", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] } ] }