CVE-2015-7033 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iwork

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

2.1%

top 15.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iwork Apple Keynote Apple Numbers +1 more

Timeline

PublishedOct 18

Latest updateMay 17

Description

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDapple/iwork2.5.4

▶NVDapple/pages5.5.3

▶NVDapple/keynote6.5

▶NVDapple/numbers3.5

🔴Vulnerability Details

GHSA

GHSA-23mr-m7vf-wgmp: The Apple iWork application before 2↗2022-05-17

▶

CVEList

CVE-2015-7033: The Apple iWork application before 2↗2015-10-18

▶

📋Vendor Advisories

Apple

CVE-2015-7033: Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6↗

▶