CVE-2015-1074Out-of-bounds Write in Apple Iphone OS

CWE-3999 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.8%
top 26.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple ItunesApple Safari+4 more
Timeline
PublishedMar 18
Latest updateMay 14

Description

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

NVDapple/safari6.2.3+15
NVDapple/tvos7.1
NVDapple/itunes12.1

🔴Vulnerability Details

2
GHSA
GHSA-25fv-6fhv-mjcq: WebKit, as used in Apple Safari before 62022-05-14
OSV
CVE-2015-1074: WebKit, as used in Apple Safari before 62015-03-18

📋Vendor Advisories

4
Apple
CVE-2015-1074: iTunes 12.2
Apple
CVE-2015-1074: iOS 8.3
Apple
CVE-2015-1074: Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4
Apple
CVE-2015-1074: Apple TV 7.2

💬Community

1
Bugzilla
CVE-2015-2753 CVE-2015-2754 CVE-2015-2776 freexl: multiple flaws when parsing malformed input2015-03-30