CVE-2021-30860

Summary

CVE	CVE-2021-30860
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-24 19:15:00 UTC
Updated	2024-02-02 03:08:00 UTC
Description	An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Risk And Classification

EPSS: 0.706420000 probability, percentile 0.986990000 (date 2026-04-17)

CISA KEV: Listed on 2021-11-03; due 2021-11-17; ransomware use Unknown

Problem Types: CWE-190

CISA Known Exploited Vulnerability

Vendor	Apple
Product	Multiple Products
Name	Apple Multiple Products Integer Overflow Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2021-30860

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	10.15.7	-	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-002	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-003	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-004	All	All
Operating System	Apple	Watchos	All	All	All	All
Application	Freedesktop	Poppler	All	All	All	All
Application	Xpdfreader	Xpdf	All	All	All	All

References

Reference	Source	Link	Tags
Full Disclosure: APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina	FULLDISC	seclists.org
About the security content of iOS 12.5.5 - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina		seclists.org
Full Disclosure: APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6		seclists.org
Full Disclosure: APPLE-SA-2021-09-13-2 watchOS 7.6.2	FULLDISC	seclists.org
Full Disclosure: APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8	FULLDISC	seclists.org
Poppler: Arbitrary Code Execution (GLSA 202209-21) — Gentoo security		security.gentoo.org
oss-security - JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0		www.openwall.com
Full Disclosure: APPLE-SA-2021-09-23-1 iOS 12.5.5		seclists.org
Full Disclosure: APPLE-SA-2021-09-13-3 macOS Big Sur 11.6		seclists.org
Full Disclosure: APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8		seclists.org
About the security content of Security Update 2021-005 Catalina - Apple Support		support.apple.com
About the security content of macOS Big Sur 11.6 - Apple Support		support.apple.com
About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support	MISC	support.apple.com	Vendor Advisory
About the security content of watchOS 7.6.2 - Apple Support		support.apple.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

375851 Apple macOS Security Update 2021-005 Catalina (HT212805)
375855 Apple MacOS Big Sur 11.6 Not Installed (HT212804)
610367 Apple iOS 14.8 and iPadOS 14.8 Security Update Missing
610369 Apple iOS 12.5.5 Security Update Missing (HT212824)
710628 Gentoo Linux Poppler Arbitrary Code Execution Vulnerability (GLSA 202209-21)