CVE-2020-29624
moderate-risk
Published 2021-04-02
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.
Do I need to act?
-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (8)
Vendor Advisory
https://support.apple.com/en-us/HT212003
Vendor Advisory
https://support.apple.com/en-us/HT212005
Vendor Advisory
https://support.apple.com/en-us/HT212009
Vendor Advisory
https://support.apple.com/en-us/HT212011
Vendor Advisory
https://support.apple.com/en-us/HT212003
Vendor Advisory
https://support.apple.com/en-us/HT212005
Vendor Advisory
https://support.apple.com/en-us/HT212009
Vendor Advisory
https://support.apple.com/en-us/HT212011
45
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
20/34 · Moderate