### [CVE-2021-30860](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860)
![](https://img.shields.io/static/v1?label=Product&message=iOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20a%20maliciously%20crafted%20PDF%20may%20lead%20to%20arbitrary%20code%20execution.%20Apple%20is%20aware%20of%20a%20report%20that%20this%20issue%20may%20have%20been%20actively%20exploited.&color=brightgreen)

### Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2021/Sep/25
- http://seclists.org/fulldisclosure/2021/Sep/26
- http://seclists.org/fulldisclosure/2021/Sep/27
- http://seclists.org/fulldisclosure/2021/Sep/28
- http://seclists.org/fulldisclosure/2021/Sep/38
- http://seclists.org/fulldisclosure/2021/Sep/39

#### Github
- https://github.com/0xCyberY/CVE-T4PDF
- https://github.com/30440r/gex
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Hosampor1/hosamprns
- https://github.com/Hosampor1/hosamprns123
- https://github.com/Levilutz/CVE-2021-30860
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SYRTI/POC_to_review
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/WhooAmii/POC_to_review
- https://github.com/YoussefJeridi/vulTenserflow
- https://github.com/YoussefJeridi/vulTensorflow
- https://github.com/ex0dus-0x/awesome-rust-security
- https://github.com/grant-h/starred
- https://github.com/houjingyi233/macOS-iOS-system-security
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/msuiche/elegant-bouncer
- https://github.com/n0-traces/cve_monitor
- https://github.com/nexoryx/click-alignment-threat-model
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/octane23/CASE-STUDY-1
- https://github.com/osirislab/awesome-rust-security
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/zecool/cve