CVE-2015-7039
published 2015-12-11CVE-2015-7039: Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code…
PriorityP350medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
11.30%
95.4th percentile
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.1 | — |
| apple | mac_os_x | <= 10.11.1 | — |
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | — | — |
| apple | tvos | <= 9.0 | — |
| apple | tvos | — | — |
| apple | watchos | <= 2.0 | — |
| apple | watchos | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5p8q-3w95-cx4g: Buffer overflow in libc in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7038 [MEDIUM] CWE-119 GHSA-5p8q-3w95-cx4g: Buffer overflow in libc in Apple iOS before 9
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
GHSA
GHSA-2gg2-qwgv-qfvc: Buffer overflow in libc in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7039 [MEDIUM] CWE-119 GHSA-2gg2-qwgv-qfvc: Buffer overflow in libc in Apple iOS before 9
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
Apple
CVE-2015-7039: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
vendor_apple·CVSS 6.8
CVE-2015-7039 [MEDIUM] CVE-2015-7039: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Product: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
CVE: CVE-2015-7039
Component: CVE-ID
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior to 2.1.0. These were addressed by updating expat to versions 2.1.0.
Apple
CVE-2015-7039: watchOS 2.1
vendor_apple·CVSS 6.8
CVE-2015-7039 [MEDIUM] CVE-2015-7039: watchOS 2.1
Apple Security Update: About the security content of watchOS 2.1
Product: watchOS
Version: 2.1
CVE: CVE-2015-7039
Component: CVE-ID
Impact: A local application may be able to cause a denial of service
Description: A null pointer dereference issue was addressed through improved memory handling.
Apple
CVE-2015-7039: iOS 9.2
vendor_apple·CVSS 6.8
CVE-2015-7039 [MEDIUM] CVE-2015-7039: iOS 9.2
Apple Security Update: About the security content of iOS 9.2
Product: iOS
Version: 9.2
CVE: CVE-2015-7039
Component: CVE-ID
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
Apple
CVE-2015-7039: tvOS 9.1
vendor_apple·CVSS 6.8
CVE-2015-7039 [MEDIUM] CVE-2015-7039: tvOS 9.1
Apple Security Update: About the security content of tvOS 9.1
Product: tvOS
Version: 9.1
CVE: CVE-2015-7039
Component: CVE-ID
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
No detection rules found.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlhttp://www.securityfocus.com/bid/78719http://www.securitytracker.com/id/1034344https://support.apple.com/HT205635https://support.apple.com/HT205637https://support.apple.com/HT205640https://support.apple.com/HT205641https://www.exploit-db.com/exploits/38917/http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlhttp://www.securityfocus.com/bid/78719http://www.securitytracker.com/id/1034344https://support.apple.com/HT205635https://support.apple.com/HT205637https://support.apple.com/HT205640https://support.apple.com/HT205641https://www.exploit-db.com/exploits/38917/
2015-12-11
Published