CVE-2020-9961

moderate-risk
Published 2020-10-27

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Affected Vendors

Apple

References (20)

Mailing List http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List http://seclists.org/fulldisclosure/2020/Nov/21
Mailing List http://seclists.org/fulldisclosure/2020/Nov/22
Release Notes https://support.apple.com/en-us/HT211849
Vendor Advisory https://support.apple.com/kb/HT211843
Vendor Advisory https://support.apple.com/kb/HT211844
Vendor Advisory https://support.apple.com/kb/HT211850
Vendor Advisory https://support.apple.com/kb/HT211935
Vendor Advisory https://support.apple.com/kb/HT211952
Mailing List http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List http://seclists.org/fulldisclosure/2020/Nov/21
Mailing List http://seclists.org/fulldisclosure/2020/Nov/22
Release Notes https://support.apple.com/en-us/HT211849
Vendor Advisory https://support.apple.com/kb/HT211843
Vendor Advisory https://support.apple.com/kb/HT211844
Vendor Advisory https://support.apple.com/kb/HT211850
Vendor Advisory https://support.apple.com/kb/HT211935
Vendor Advisory https://support.apple.com/kb/HT211952
48
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 23/34 · High