Lucene search
Mickey Jin of Trend Micro Mobile Security Research TeamZDI-20-1389HistoryDec 03, 2020 - 12:00 a.m.
Apple macOS CoreGraphics JBIG2Stream Out-Of-Bounds Read Information Disclosure Vulnerability
2020-12-0300:00:00
Mickey Jin of Trend Micro Mobile Security Research Team
www.zerodayinitiative.com
25
0.001 Low
EPSS
Percentile
49.7%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the JBIG2Stream::readGenericBitmap method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Related
cve
cve
CVE-2020-9883
2020-10-22 18:15:15
nvd
nvd
CVE-2020-9883
2020-10-22 18:15:15
prion
prion
Buffer overflow
2020-10-22 18:15:00
cvelist
cvelist
CVE-2020-9883
2020-10-22 17:59:36
zdi
zdi
apple
apple
About the security content of iCloud for Windows 7.20 - Apple Support
2020-12-15 05:23:14
About the security content of iTunes 12.10.8 for Windows - Apple Support
2020-12-15 05:45:32
About the security content of iCloud for Windows 11.3 - Apple Support
2020-12-15 06:02:19
kaspersky
kaspersky
KLA11926 Multiple vulnerabilities in Apple iCloud
2020-08-10 00:00:00
nessus
nessus
macOS 11.0.x < 11.0.1
2020-11-19 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT211931)
2022-09-22 00:00:00