PT-2020-20932 · Apple · Libfontparser+1

Mickey Jin

Published

2020-11-12

Updated

2021-04-09

CVE-2021-1775

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions macOS versions prior to 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave

Description The issue allows for arbitrary code execution when processing a maliciously crafted font. This is due to an integer underflow in the TTF parsing component of the libFontParser library.

Recommendations For macOS versions prior to 11.2, update to macOS Big Sur 11.2 or apply Security Update 2021-001. For Catalina, apply Security Update 2021-001. For Mojave, apply Security Update 2021-001.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-1775

ZDI-21-138

Affected Products

Apple Macos

Libfontparser

PT-2020-20932 · Apple · Libfontparser+1

CVE-2021-1775

Related Identifiers

Affected Products

References · 8