CVE-2015-5874
published 2015-09-18CVE-2015-5874: CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_9 | — | — |
| apple | iphone_os | <= 8.4.1 | — |
| apple | itunes | <= 12.2 | — |
| apple | itunes | — | — |
| apple | mac_os_x | <= 10.10.5 | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| apple | watchos | — | — |
| apple | watchos_2 | — | — |
Apple
CVE-2015-5874: iTunes 12.3
vendor_apple·CVSS 7.5
CVE-2015-5874 [HIGH] CVE-2015-5874: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2015-5874
Component: CVE-ID
Impact: Applications that use ICU may be vulnerable to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of unicode strings. These issues were addressed by updating ICU to version 55.
Apple
CVE-2015-5874: iOS 9
vendor_apple·CVSS 7.5
CVE-2015-5874 [HIGH] CVE-2015-5874: iOS 9
Apple Security Update: About the security content of iOS 9
Product: iOS 9
CVE: CVE-2015-5874
Component: CVE-ID
Apple
CVE-2015-5874: OS X El Capitan v10.11
vendor_apple·CVSS 7.5
CVE-2015-5874 [HIGH] CVE-2015-5874: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2015-5874
Component: CVE-ID
Apple
CVE-2015-5874: watchOS 2
vendor_apple·CVSS 7.5
CVE-2015-5874 [HIGH] CVE-2015-5874: watchOS 2
Apple Security Update: About the security content of watchOS 2
Product: watchOS 2
CVE: CVE-2015-5874
Component: CVE-ID
GHSA
GHSA-mq7f-556v-c3v9: CoreText in Apple iOS before 9 and iTunes before 12
ghsa_unreviewed·2022-05-17
CVE-2015-5874 [HIGH] CWE-119 GHSA-mq7f-556v-c3v9: CoreText in Apple iOS before 9 and iTunes before 12
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://www.securityfocus.com/bid/76763http://www.securitytracker.com/id/1033609https://support.apple.com/HT205212https://support.apple.com/HT205213https://support.apple.com/HT205221https://support.apple.com/HT205267http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://www.securityfocus.com/bid/76763http://www.securitytracker.com/id/1033609https://support.apple.com/HT205212https://support.apple.com/HT205213https://support.apple.com/HT205221https://support.apple.com/HT205267
2015-09-18
Published