Back to CVE Browser

CVE-2021-30952

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score66.8930%

EPSS Percentile94.57th

PublishedAug 24, 2021

Last ModifiedMar 6, 2026

Vulnerability Description

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected Platforms (CPE)

📦

Apple

Safari

< 15.2

💻

Apple

Ipados

< 15.2

💻

Apple

Iphone Os

< 15.2

💻

Apple

Macos

>= 12.0 and < 12.1

💻

Apple

Tvos

< 15.2

💻

Apple

Watchos

< 8.3

💻

Fedoraproject

Fedora

= 34

💻

Fedoraproject

Fedora

= 35

💻

Debian

Debian Linux

= 10.0

💻

Debian

Debian Linux

= 11.0

📦

Webkitgtk

Webkitgtk

< 2.34.4

📦

Wpewebkit

Wpe Webkit

< 2.34.4

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2022/01/21/2

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/

🔗 https://support.apple.com/en-us/HT212975

🔗 https://support.apple.com/en-us/HT212976

🔗 https://support.apple.com/en-us/HT212978

🔗 https://support.apple.com/en-us/HT212980

🔗 https://support.apple.com/en-us/HT212982

Related Vulnerabilities

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...