An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

**System info**

Ubuntu x86\_64, clang 6.0, fig2dev (latest master 3a578b)

**Configure**

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure

**Command line**

./fig2dev/fig2dev -L pdf -G .25:1cm -j -m 2 -N -P -x 3 -y 4 @@ /dev/null

**AddressSanitizer output**

AddressSanitizer:DEADLYSIGNAL
\=================================================================
\==52196\==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000054d8d6 bp 0x0ff24e6480f7 sp 0x7ffd3a3d31a0 T0)
\==52196\==The signal is caused by a READ memory access.
\==52196\==Hint: address points to the zero page.
    #0 0x54d8d5 in compute\_closed\_spline /home/seviezhou/fig2dev/fig2dev/trans\_spline.c
    #1 0x54e1b8 in create\_line\_with\_spline /home/seviezhou/fig2dev/fig2dev/trans\_spline.c:495:29
    #2 0x541fb7 in read\_splineobject /home/seviezhou/fig2dev/fig2dev/read.c:1360:10
    #3 0x538e22 in read\_objects /home/seviezhou/fig2dev/fig2dev/read.c:419:16
    #4 0x538e22 in readfp\_fig /home/seviezhou/fig2dev/fig2dev/read.c:151
    #5 0x5369eb in read\_fig /home/seviezhou/fig2dev/fig2dev/read.c:123:10
    #6 0x52c27e in main /home/seviezhou/fig2dev/fig2dev/fig2dev.c:423:12
    #7 0x7f92718bfb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc\-start.c:310
    #8 0x41b6f9 in \_start (/home/seviezhou/fig2dev/fig2dev/fig2dev+0x41b6f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/seviezhou/fig2dev/fig2dev/trans\_spline.c in compute\_closed\_spline
\==52196\==ABORTING

CVE-2021-32280: Xfig / Tickets / #107 A Segmentation fault in trans_spline.c

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

CVE-2021-21798: TALOS-2021-1267 || Cisco Talos Intelligence Group

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".

%PDF-1.5 %���� 1 0 obj << /D \[2 0 R /XYZ 70.866 771.024 null\] >> endobj 3 0 obj << /D \[2 0 R /XYZ 70.866 646.963 null\] >> endobj 4 0 obj << /D \[2 0 R /XYZ 70.866 598.838 null\] >> endobj 5 0 obj << /D \[2 0 R /XYZ 70.866 370.413 null\] >> endobj 6 0 obj << /D \[2 0 R /XYZ 70.866 281.442 null\] >> endobj 7 0 obj << /D \[8 0 R /XYZ 85.039 337.375 null\] >> endobj 9 0 obj << /D \[10 0 R /XYZ 70.866 713.397 null\] >> endobj 11 0 obj << /S /GoTo /D \[2 0 R /Fit\] >> endobj 2 0 obj << /Contents 12 0 R /Type /Page /Resources 13 0 R /Parent 14 0 R /Annots \[15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R\] /MediaBox \[0 0 595.276 841.89\] >> endobj 15 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 497.876 446.757 510.783\] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 461.478 446.757 474.385\] >> endobj 17 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 425.08 446.757 437.986\] >> endobj 18 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 388.682 446.757 401.588\] >> endobj 19 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[164.798 189.37 487.754 200.907\] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[406.699 159.602 525.406 171.019\] >> endobj 22 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[131.954 722.78 248.203 734.316\] >> endobj 13 0 obj << /ProcSet \[/PDF /Text\] /Font << /F50 23 0 R /F47 24 0 R >> >> endobj 12 0 obj << /Filter /FlateDecode /Length 2674 >> stream x��Z�s�6�\_��R3B|D�^T\[鹍�,��I��H��+E�"e\_���@Y�(�9s3��C $���.wx/�~>�iz��P�&:d�7��T@�0���DR�M���&M�I^�LE�M2۬C\*������iY� |7�m�������|3��Ǔ�=�>��l<=��C�G��Dq�͖g\_~�9<��ב�h�\\zBr"��̻9��Y���� �(��! "�E3D+�%i�#�'Z(�� � #����PGJ���@TJBY��% m�ޥ��Q/��n�i\*��W��JWYr�=������K��>�!��CB�����}$��n��i�&˓u�-��\*M�CI8 ���I8$R� P\[�t�$��\_Pٔ$�\[g C��8�\`tڇ�RDs��8�6�� �x9K�\*Y!����x�dn$�\[:7:�tWi�\[и���-�K$��F��R���!�D��N���s���YRQzl����7�5�m'~D ɺ��a���?Q���tsc'=���w?�e�poV��J,� u��P֪�s\[��t��(��v�,���@K�WW��@�o����A&�Ĉ� 9a\`��1(�юE�LS?Eׁ�� ���Y���-����~�$v�����)۝i��2���i�Z1�h��E��C�%G'.�t�C�~��\_�%��R�H�t4�^ i���t��?v��$�����g�\`\_\\^\\O���s{��꽽��\*C��ʫm(��q���"�ϟ�H�X|�c0�1.-�O�2�}ln��N��jn�7Ʊ�; �1���>�7h��#+vA+�֊%�8w�bw �r=�����}�0M��R ' G�\\��H��./��f����P� t�p����|:�h��L�@�Y \`�%�r݋��%i�H��=�?Np�\\\_ܞOoZ$М��4thе &��S \*�g�-�gҌ�g�v�8�"4\]�#1!U��������->���<) 5�\_Z밑���x��4$�\` �E^��FX���W�������4�c�T�.��a�Jk��Ļ�I�k�|9(Ñ䜄�}9���k 2�?���=���� c��-���U����P�{�Bx

CVE-2021-40354

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

%PDF-1.5 %���� 1 0 obj << /D \[2 0 R /XYZ 70.866 771.024 null\] >> endobj 3 0 obj << /D \[2 0 R /XYZ 70.866 630.026 null\] >> endobj 4 0 obj << /D \[2 0 R /XYZ 70.866 581.902 null\] >> endobj 5 0 obj << /D \[2 0 R /XYZ 70.866 379.124 null\] >> endobj 6 0 obj << /D \[2 0 R /XYZ 70.866 320.041 null\] >> endobj 7 0 obj << /D \[8 0 R /XYZ 85.039 427.664 null\] >> endobj 9 0 obj << /D \[8 0 R /XYZ 70.866 240.227 null\] >> endobj 10 0 obj << /S /GoTo /D \[2 0 R /Fit\] >> endobj 2 0 obj << /Contents 11 0 R /Type /Page /Resources 12 0 R /Parent 13 0 R /Annots \[14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R\] /MediaBox \[0 0 595.276 841.89\] >> endobj 14 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109800773/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 446.564 518.276 457.981\] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109811116/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 404.524 518.276 415.941\] >> endobj 18 0 obj << /A << /S /GoTo /D (section\*.2) >> /Subtype /Link /C \[1 0 0\] /Type /Annot /H /I /Border \[0 0 0\] /Rect \[386.143 336.857 524.579 348.394\] >> endobj 19 0 obj << /A << /S /GoTo /D (section\*.4) >> /Subtype /Link /C \[1 0 0\] /Type /Annot /H /I /Border \[0 0 0\] /Rect \[147.498 319.044 309.548 330.461\] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[164.798 227.968 487.754 239.505\] >> endobj 21 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[406.699 198.2 525.406 209.617\] >> endobj 12 0 obj << /ProcSet \[/PDF /Text\] /Font << /F51 23 0 R /F48 24 0 R >> >> endobj 11 0 obj << /Filter /FlateDecode /Length 2670 >> stream xڵZ\[s۶~���ۡf\*WȜ�v

CVE-2021-33716

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

%PDF-1.7 %���� 2 0 obj << /Lang (de-CH) /MarkInfo << /Marked true >> /Metadata 4 0 R /Outlines 5 0 R /Pages 6 0 R /StructTreeRoot 7 0 R /Type /Catalog /ViewerPreferences 8 0 R >> endobj 4 0 obj << /Length 3363 /Subtype /XML /Type /Metadata >> stream Microsoft® Word for Microsoft 365 Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids SDM600 Product PG-SIRT Cybersecurity Advisory Microsoft® Word for Microsoft 365 2021-08-25T07:29:52+02:00 2021-08-30T22:40:35+02:00 uuid:8B962337-F841-475E-A4FA-5F3C76CAA03A uuid:8B962337-F841-475E-A4FA-5F3C76CAA03A endstream endobj 18 0 obj << /Filter /FlateDecode /Length 3157 >> stream x��\[Ko�8����^�2ߤ���;��;�x1���O6���Y�a���QE�$J�t�� �n�ɪb=�\*���\_\_>���񥹹�^��<|���o�/���\_~���ߗ��>}~zx���t���| Mo~{��Z5��m���3ֲ��9���N�R4N���������i���6��g�;ޘ�3����g�e���:��t��?�\[o>p�|�����n9ܾ9?��1�WW\\%\\�ҡ��+��W��6�k�.��|�q~�mL��T:�կ��\_���<�?��}#�b�'����K<\]4�����M���T�F�A�,d���hwAx}!��S�+\*mx(^\]�������� ;Gk֯��,M�r�vu�:���r��$|��5\*�m��g��hY��̌�K����Y~�.,�����3����E�Ah��މ�O�۟��9��f=AqLœqN���m�(Yx��G2�S�twy~\]�4�|�}��4�e��������W�|��\\����V�Jr�p����Op��PA+� �H!NZ�M��-�����Gϯ��}�(��ҁ"&�S����f �"��BM�N(^�Qt��8 ����2�{J����$��\]��6��ڢ���ݻms=�7�//�L�����ˡ(��#(����\]kE#���wp-��=\_C��"\_x

CVE-2021-35526

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

%PDF-1.4 %����� 47 0 obj << /Filter /FlateDecode /Length 48 0 R /Length1 754 /Length2 1730 /Length3 533 >> stream x��Ry<���Fc�^Y~�mf��!L�DFd�n����3�1�ұ��8B$KH�e4�F E�B�pGhQͩ3ǹ�ֽ��s���������y���}�﫮��J��F�\]����X�X\[�X�#�:��\* �:��t�\*�uu ފR���'���A0�D���t�����w4����@�/m�b�T 9��nU�� �����l���U?�I��I މD�� ��0�{��fA ���u�"\`�a.kJ ��'Q}C$��Ѱ�@p�!�H<��h��J��a��@�A�a�\\%��Of �0�u\`��^;Xh0���n ��:0\`8\*�;� �#���7���é�\`G@�?ܮ�0�7��Y()��6 2�a��蜰��>w�\\Èo��Ӹ~�p�@p������o��ҒD��\`�!@�b����\_1�D�q��T���C��yt�|QW���l�ɾ�')��L��Q�a���� z�%ӷ��mc�>R{��r�)�l��efs'�M���ѧmn��KsdY�d�L @󝮪yJ�I�v�v� >g�����7k��v?=�9J�u����o��Ϡ� J��ԋEw@�\]��<��V��^ؓ�h$ۢ뜞��0�\\��ʗY�g �����Z<ޡƏ��jO�֜@)}�u�\]�eSO�6�����\*�����W{w�I��/\_�W ���am�\_�{D����܀R�t��\`Y��b�ז�J�(�3k��{����y&q�oU�G����$�ᚼZ��r�\\ɦ��ږ�� n��=��Z�Ą\]����OD�<+N�l�!��䥩�\]����>�'w\\�Cv���tw�u@颋G �S�4c�ləA���'L7|��5�t���\[��n.�4�m�����ۉ�ˋМ�aSso�U����ؾ�6����慓�Y :F��T�-Ƴ���o�=�@C�Q��y(9Ͼ��fSQ�hܦ�)�y� �!�솳|C�3�"hBf5��?)�YoZ�P.��3�ǄN|�k��lz46��=O�Е�\[ʍmϖ�£��;Lۜ)�g��$$�ЙH\]�}����D7;|\*����E�"�)q��6��8.U/�\[:ӼW+r�J��w�T�Oϼґ ����I��f��H����#!�7�����TʡeĠ>��޶+��c���D�V��v��.I���!1�l\_���.�f�R|�~/���hS�)�D�0�I#������#�E,5F��s�V^�h�iH��z��=�"� ):�M��O�;�Ŕ&\]��slP�N�����mT�����C��G!�xloL45k�Y�b�\`�'?щY����D��,ڞ^�Y�\*�8b'Ub7)f�R��{���{�{�G�g\]���Gȭ|�3˧f2�6�s �Z\[o:z~��D��$��{���TA� �����S����,�@�4���o~&�����$5�CT��'F���p���Fa/�9�,0�d�r�O�9:\\5#S��i�~��U�>�\[ʳ/ ��� �m�~eL2��5e3DN�B����}�\`2��ʱ˸g�STh����~C��p�y ���e���v����4ޭb��\]��bN��ZF4�d���B�g0�K���{U�3$bm�,�Lm�{��g\]���JV<#��jt��X!������O�°h;=k�3� ��-��P�PsA�\_�����qS�SK� 5���M9��#%��\_�e2H�������Ŗ�%��p������z\*�\\�\_Ω�cĸ�U�\\(�L,�+J�-��٪��W���g����@ؗ�\_��K��.N�\[��ԏ�/�I!��ͻ��������j���닕 ����Tsy��,�N-��^�8a�j߻%f@L�,a�����RQ������W8�7}Ш�L�-���(��+�����\_?��\\Y�~�B�oG\_?�3/��\]w3!(���GY�L�8�0'+��v"�w�>�g��\[�^��Z\[;���^��-i ��$�s�'g��1-��U�<����erauᕿ&J=Ǹ,�n%�y��(ú\*{��8����3�T�Ql�rvW��vUŅ��{�qd�ӵ��Zz-M��3G

CVE-2020-24672

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

%PDF-1.7 %���� 1 0 obj <>/Metadata 160 0 R/ViewerPreferences 161 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/Annots\[ 20 0 R 23 0 R 24 0 R 25 0 R 26 0 R\] /MediaBox\[ 0 0 612 792\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��\[�o�F~7����TqZs� ���9�m.N҇�����%W��濿�YRE.I�DX����f��������wޏ?^�:{s����O73�ˋ��/��<�a,�mzy�������W��'��ayy�A(� �-�LC��|��.��;���\_����� ��ds�\_�ÿ//^A����8\[ .3�X ��r4��H�A�at:�?\*�?���T@����|D���L�n��\`PH�R1\]\*J)h׳��J�Xw0�Q�k�d�ƿ�)\]GפJX����x�~�yޑ��'ڭ8�S ø�4ߛtË'���mo��M�m6�\*���M����8��")R���l'�TǳUh�ڥ���<�����d�|b���t�\_Q7�NB�H����܂��'#i�t̂Хa�\\�'Ε�b��ْ����gw�)�n2����\*��S\`i���jQ�s�Շ����?�0U'��A�4L��s���?��o��� �\_�@��E�g���@3ه�g�����V���P��i��'S�S�� ��Ѣ���h1����-OrC���x�"\`�o���p��I�6�L��&�H�H4�쫿�9ZծȾ���\`��A�xH���������\*�.M��0O$B����5��i(��>˽ܮ��/&1b��{^p�I�ҒO8G\_��j¥��t��Z�x��W"Z���t�|��l��wXJ����A ����~L�(\`�V� ��{�D��&+���,�8Ӗ�tKD�B�R�-�d��7x����+��� f2�d��(��e:~�@7�.q̕�(�xc�IA�%��!�6' QRMa���5T�\[���f�V�ӣ����4"Z�?�H�M�����\`�5R����:��#WF�m�ܭ�� ҺПo�e�.<��L6O�Ҝ�V�1�d�B�\`����>���;���#���n�^��{ :������?�lSl��3�w����O�1É������I�!%�I@{��G��zL ��'�4��x�!�"�{�� ݏ����6�37�툊�������� �P��^���4X��������V��.Z�i:Q.Z���z�nEϯHH�\[�zh��ۻ��=)8\_�D����u��50޳��#��2�L��^ a��::N�Y���%Ai+����r�&'C?L\`5�

CVE-2021-40142

This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

Released October 26, 2021

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

Entry added May 25, 2022

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry updated May 25, 2022

**CoreGraphics**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Sidecar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

**Status Bar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the Lock Screen

Description: A Lock Screen issue was addressed with improved state management.

CVE-2021-30918: videosdebarraquito

**Voice Control**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior 

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)

CVE-2021-30903: About the security content of iOS 14.8.1 and iPadOS 14.8.1

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables.

CVE-2021-30913: About the security content of macOS Monterey 12.0.1

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Released October 25, 2021

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876: Jeremy Brown, hjy79425575

CVE-2021-30879: Jeremy Brown, hjy79425575

CVE-2021-30877: Jeremy Brown

CVE-2021-30880: Jeremy Brown

**Audio**

Available for: macOS Big Sur

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**Bluetooth**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

Entry added May 25, 2022

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: macOS Big Sur

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry added January 19, 2022, updated May 25, 2022

**CoreAudio**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

Entry added January 19, 2022

**CoreGraphics**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**FileProvider**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

**GPU Drivers**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

Entry added January 19, 2022

**iCloud**

Available for: macOS Big Sur

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan (@pattern\_F\_) of Ant Security TianQiong Lab, Jack Dates of RET2 Systems, Inc., Liu Long of Ant Security Light-Year Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

CVE-2021-30922: Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1)

Entry updated January 19, 2022, updated May 25, 2022

**IOGraphics**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications

**IOMobileFrameBuffer**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**SMB**

Available for: macOS Big Sur

Impact: A remote attacker may be able to leak memory

Description: A logic issue was addressed with improved state management.

CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs

Entry added May 25, 2022

**SMB**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: An unprivileged application may be able to edit NVRAM variables

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

Entry updated May 25, 2022

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: A malicious application may gain access to a user's Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**UIKit**

Available for: macOS Big Sur

Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

**Windows Server**

Available for: macOS Big Sur

Impact: A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2021-30908: ASentientBot

**xar**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group

Entry added January 19, 2022

**zsh**

Available for: macOS Big Sur

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft

Tag

#pdf