Apple » Mac Os X » 10.14.6 security_update_2019-002 : Security Vulnerabilities, CVEs, Published In 2020 (Overflow)
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Max CVSS
6.3
EPSS Score
0.06%
Published
2020-12-03
Updated
2022-06-07
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
Max CVSS
5.5
EPSS Score
0.12%
Published
2020-04-14
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2020-10-27
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.16%
Published
2020-12-08
Updated
2020-12-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.45%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.14%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-16
Updated
2023-01-09
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.17%
Published
2020-10-22
Updated
2023-01-09
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.54%
Published
2020-10-27
Updated
2020-10-29
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Max CVSS
9.3
EPSS Score
0.17%
Published
2020-06-09
Updated
2023-01-09
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
Max CVSS
9.3
EPSS Score
0.10%
Published
2020-06-09
Updated
2020-06-09
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
Max CVSS
9.8
EPSS Score
1.50%
Published
2020-04-01
Updated
2020-04-02
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
Max CVSS
9.8
EPSS Score
1.49%
Published
2020-04-01
Updated
2020-04-02
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
Max CVSS
9.8
EPSS Score
1.09%
Published
2020-04-01
Updated
2022-06-02
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
Max CVSS
8.8
EPSS Score
0.65%
Published
2020-02-27
Updated
2021-07-21
An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.24%
Published
2020-02-27
Updated
2021-07-21
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
Max CVSS
3.3
EPSS Score
0.11%
Published
2020-10-27
Updated
2021-03-15
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2020-10-27
Updated
2020-10-30
23 vulnerabilities found