Product:

Tvos

(Apple)
Repositories https://github.com/file/file
https://github.com/WebKit/webkit
#Vulnerabilities 1133
Date Id Summary Products Score Patch Annotated
2021-04-02 CVE-2020-27935 Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 6.3
2021-04-02 CVE-2020-27908 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2021-04-02 CVE-2020-27899 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. Ipad_os, Iphone_os, Macos, Tvos, Watchos 7.8
2010-08-19 CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2807 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2021-04-02 CVE-2020-27931 A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2021-04-02 CVE-2020-27924 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2021-04-02 CVE-2020-27923 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8