CVE-2015-6992
published 2015-10-23CVE-2015-6992: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.0.2 | — |
| apple | itunes | <= 12.3.0 | — |
| apple | itunes | — | — |
| apple | mac_os_x | <= 10.11.0 | — |
| apple | os_x_el_capitan_10.11.1_security_update_2015-004_yosemite_and_security_update_20 | — | — |
Apple
CVE-2015-6992: iTunes 12.3.1
vendor_apple·CVSS 7.5
CVE-2015-6992 [HIGH] CVE-2015-6992: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-6992
Component: CVE-ID
Apple
CVE-2015-6992: iOS 9.1
vendor_apple·CVSS 7.5
CVE-2015-6992 [HIGH] CVE-2015-6992: iOS 9.1
Apple Security Update: About the security content of iOS 9.1
Product: iOS
Version: 9.1
CVE: CVE-2015-6992
Component: CVE-ID
Apple
CVE-2015-6992: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
vendor_apple·CVSS 7.5
CVE-2015-6992 [HIGH] CVE-2015-6992: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Product: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
CVE: CVE-2015-6992
Component: CVE-ID
GHSA
GHSA-xqcj-wpcf-8vvg: CoreText in Apple iOS before 9
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-6975 [HIGH] CWE-119 GHSA-xqcj-wpcf-8vvg: CoreText in Apple iOS before 9
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
GHSA
GHSA-3gg4-3mqm-xx5v: CoreText in Apple iOS before 9
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-7017 [HIGH] CWE-119 GHSA-3gg4-3mqm-xx5v: CoreText in Apple iOS before 9
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
GHSA
GHSA-26x7-82mq-9xp4: CoreText in Apple iOS before 9
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-6992 [HIGH] CWE-119 GHSA-26x7-82mq-9xp4: CoreText in Apple iOS before 9
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00006.htmlhttp://www.securitytracker.com/id/1033929https://support.apple.com/HT205370https://support.apple.com/HT205372https://support.apple.com/HT205375http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00006.htmlhttp://www.securitytracker.com/id/1033929https://support.apple.com/HT205370https://support.apple.com/HT205372https://support.apple.com/HT205375
2015-10-23
Published