CVE-2021-30860

HIGH KEV

Apple iOS/iPadOS/macOS - Integer Overflow in PDF Processing

Title source: llm

Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Exploits (2)

nomisec WORKING POC 100 stars

by jeffssh · poc

https://github.com/jeffssh/CVE-2021-30860

View Code ZIP pw:eip

nomisec SCANNER 11 stars

by Levilutz · poc

https://github.com/Levilutz/CVE-2021-30860

View Code ZIP pw:eip

References (16)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/25

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/26

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/27

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/28

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/38

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/39

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/40

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2021/Sep/50

[Mailing List] http://www.openwall.com/lists/oss-security/2022/09/02/11

[Third Party Advisory] https://security.gentoo.org/glsa/202209-21

[Vendor Advisory] https://support.apple.com/en-us/HT212804

[Vendor Advisory] https://support.apple.com/en-us/HT212805

[Vendor Advisory] https://support.apple.com/en-us/HT212806

[Vendor Advisory] https://support.apple.com/en-us/HT212807

[Vendor Advisory] https://support.apple.com/kb/HT212824

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860

Scores

CVSS v3 7.8

EPSS 0.7064

EPSS Percentile 98.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-09-07

InTheWild.io 2021-09-13

ENISA EUVD EUVD-2021-17777

CWE

CWE-190

Status published

Products (8)

apple/ipados < 14.8

apple/iphone_os < 12.5.5

apple/macos < 11.6

apple/mac_os_x 10.15.7 (7 CPE variants)

apple/mac_os_x 10.15 - 10.15.7

apple/watchos < 7.6.2

freedesktop/poppler < 22.09.0

xpdfreader/xpdf < 4.04

Published Aug 24, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026