CVE-2021-30860

CVE Database · CVE-2021-30860

CVE-2021-30860

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

75.99%

Published

Aug 24, 2021

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2021-11-17

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

TrickestTrickest PoC index GitHub PoCjeffssh/CVE-2021-30860★100 GitHub PoCLevilutz/CVE-2021-30860★10

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-190CWE-190

Affected Products (15)

apple · ipados (up to 14.8)vulnerable

apple · iphone_os (up to 12.5.5)vulnerable

apple · iphone_os (up to 14.8)vulnerable

apple · mac_os_x (up to 10.15.7)vulnerable

apple · mac_os_xvulnerable