CVE-2015-7017: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple iPhone OS

Severity: 7.5 HIGH (NVD)
EPSS: 2.1% (top 15.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 23; latest update May 17

Description

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

NVD: apple/itunes 12.3.0
NVD: apple/mac_os_x 10.11.0
NVD: apple/iphone_os 9.0.2

Patches

Vulnerability Details (6)

GHSA: GHSA-xqcj-wpcf-8vvg: CoreText in Apple iOS before 9 (2022-05-17)
GHSA: GHSA-3gg4-3mqm-xx5v: CoreText in Apple iOS before 9 (2022-05-17)
GHSA: GHSA-26x7-82mq-9xp4: CoreText in Apple iOS before 9 (2022-05-17)
CVEList: CVE-2015-6975: CoreText in Apple iOS before 9 (2015-10-23)
CVEList: CVE-2015-6992: CoreText in Apple iOS before 9 (2015-10-23)

Vendor Advisories (3)

Apple: CVE-2015-7017: iTunes 12.3.1
Apple: CVE-2015-7017: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Apple: CVE-2015-7017: iOS 9.1