CVE-2021-30917

HIGH

iPadOS < 14.8.1 and iOS < 14.8.1 - Memory Corruption via ICC Profile Processing

Title source: llm

Description

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.

References (8)

Core 8

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212869

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212871

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212872

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212867

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212868

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212874

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212876

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html

Scores

CVSS v3 7.8

EPSS 0.0154

EPSS Percentile 71.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (10)

apple/ipad_os < 14.8.1

apple/ipados 15.0

apple/iphone_os 15.0

apple/iphone_os < 14.8.1

apple/mac_os_x 10.15.7 (9 CPE variants)

apple/mac_os_x < 10.15.7

apple/macos 12.0

apple/macos 11.0 - 11.6.1

apple/tvos < 15.1

apple/watchos < 8.1

Published Aug 24, 2021

Tracked Since Feb 18, 2026