CVE-2014-1370: The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service…

medium6.8CVSS 3.1

AVNACMAuNCPIPAP

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	mac_os_x	<= 10.9.3	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x_server	—	—
apple	mac_os_x_server	—	—
apple	mac_os_x_server	—	—
apple	mac_os_x_server	—	—
apple	mac_os_x_server	—	—
apple	mac_os_x_server	—	—
linux	linux_kernel	>= 5.11.0 < 5.15.198	5.15.198
linux	linux_kernel	>= 5.16.0 < 6.1.160	6.1.160
linux	linux_kernel	>= 5.7.0 < 5.10.248	5.10.248

CVSS provenance

nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

osv5.5MEDIUM