CVE-2020-36521

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT211843	Vendor Advisory
https://support.apple.com/en-us/HT211844	Vendor Advisory
https://support.apple.com/en-us/HT211846	Vendor Advisory
https://support.apple.com/en-us/HT211847	Vendor Advisory
https://support.apple.com/en-us/HT211850	Vendor Advisory
https://support.apple.com/en-us/HT211952	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

09 Jan 2023, 16:41

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::
First Time		Apple ipados

27 Sep 2022, 12:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apple:itunes::::::windows::* cpe:2.3:o:apple:tvos:::::::: cpe:2.3:a:apple:icloud::::::windows::* cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipad_os::::::::
CWE		CWE-125
First Time		Apple macos Apple itunes Apple watchos Apple icloud Apple iphone Os Apple tvos Apple Apple ipad Os
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~(MISC) https://support.apple.com/en-us/HT211850 -~~	(MISC) https://support.apple.com/en-us/HT211850 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT211843 -~~	(MISC) https://support.apple.com/en-us/HT211843 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT211846 -~~	(MISC) https://support.apple.com/en-us/HT211846 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT211844 -~~	(MISC) https://support.apple.com/en-us/HT211844 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT211952 -~~	(MISC) https://support.apple.com/en-us/HT211952 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT211847 -~~	(MISC) https://support.apple.com/en-us/HT211847 - Vendor Advisory

23 Sep 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-23 19:15

Updated : 2023-12-10 14:35

NVD link : CVE-2020-36521

Mitre link : CVE-2020-36521

CVE.ORG link : CVE-2020-36521

JSON object : View

Products Affected

apple

itunes
macos
tvos
icloud
watchos
iphone_os
ipados

CWE

CWE-125

Out-of-bounds Read

7.1 /10