Vulnerability - CVE-2021-30860

›

›vulnerability›CVE-2021-30860

Name

CVE-2021-30860

Source

NVD ( link)Debian ( link)

Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CWEs

CWE-190 CWE-190

Published Date

Aug 24, 2021

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://seclists.org/fulldisclosure/2021/Sep/25Mailing List

http://seclists.org/fulldisclosure/2021/Sep/26Mailing List

http://seclists.org/fulldisclosure/2021/Sep/27Mailing List

http://seclists.org/fulldisclosure/2021/Sep/28Mailing List

http://seclists.org/fulldisclosure/2021/Sep/38Mailing List

http://seclists.org/fulldisclosure/2021/Sep/39Mailing List

http://seclists.org/fulldisclosure/2021/Sep/40Mailing List

http://seclists.org/fulldisclosure/2021/Sep/50Mailing List

http://www.openwall.com/lists/oss-security/2022/09/02/11Mailing List

https://security.gentoo.org/glsa/202209-21Third Party Advisory

https://support.apple.com/en-us/HT212804Vendor Advisory

https://support.apple.com/en-us/HT212805Vendor Advisory

https://support.apple.com/en-us/HT212806Vendor Advisory

https://support.apple.com/en-us/HT212807Vendor Advisory

https://support.apple.com/kb/HT212824Vendor Advisory

http://seclists.org/fulldisclosure/2021/Sep/25Mailing List

http://seclists.org/fulldisclosure/2021/Sep/26Mailing List

http://seclists.org/fulldisclosure/2021/Sep/27Mailing List

http://seclists.org/fulldisclosure/2021/Sep/28Mailing List

http://seclists.org/fulldisclosure/2021/Sep/38Mailing List

http://seclists.org/fulldisclosure/2021/Sep/39Mailing List

http://seclists.org/fulldisclosure/2021/Sep/40Mailing List

http://seclists.org/fulldisclosure/2021/Sep/50Mailing List

http://www.openwall.com/lists/oss-security/2022/09/02/11Mailing List

https://security.gentoo.org/glsa/202209-21Third Party Advisory

https://support.apple.com/en-us/HT212804Vendor Advisory

https://support.apple.com/en-us/HT212805Vendor Advisory

https://support.apple.com/en-us/HT212806Vendor Advisory

https://support.apple.com/en-us/HT212807Vendor Advisory

https://support.apple.com/kb/HT212824Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860US Government Resource

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

7.8

CVSSv31

7.8

CVSSv31

6.8

CVSSv2

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

25.10.0

Not Affected

buildroot

master

25.10.0

Not Affected

yocto

master

25.12.0

Not Affected

yocto

scarthgap

23.04.0

Not Affected

Resolved with patches#

poppler (yocto:kirkstone)

#

Title

Author

Resolve

1

JBIG2Stream: Fix crash on broken file

Albert Astals Cid <aacid@kde.org>

CVE-2021-30860

CVE-2022-38171