CVE-2020-27943
Last modified
CVE-2020-27943 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipad Os | < 14.3 |
| Apple | Iphone Os | < 14.3 |
| Apple | Macos | < 11.1.0 |
| Apple | Tvos | < 14.3 |
| Apple | Watchos | < 7.2 |
References
- https://support.apple.com/en-us/HT212003Vendor Advisory
- https://support.apple.com/en-us/HT212005Vendor Advisory
- https://support.apple.com/en-us/HT212009Vendor Advisory
- https://support.apple.com/en-us/HT212011Vendor Advisory
- https://support.apple.com/en-us/HT212003Vendor Advisory
- https://support.apple.com/en-us/HT212005Vendor Advisory
- https://support.apple.com/en-us/HT212009Vendor Advisory
- https://support.apple.com/en-us/HT212011Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-27943?
How severe is CVE-2020-27943?
How do I fix CVE-2020-27943?
Are you affected by CVE-2020-27943?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST