CVE-2015-7048Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer36 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
1.0%
top 22.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Debian Webkit2gtkApple Iphone OSApple Safari+3 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

NVDapple/tvos9.0
NVDapple/safari9.0.1
Appleapple/tvos9.1
Appleapple/safari9.0.2
debiandebian/webkit2gtk< webkit2gtk 2.10.5-1 (bookworm)

🔴Vulnerability Details

20
GHSA
GHSA-hfj6-37rw-7322: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-fm76-6855-5xp2: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-wpv9-xpxj-93jv: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-6p9m-2xm6-mvv4: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-qfpf-x2q6-jr4v: WebKit in Apple iOS before 92022-05-14

📋Vendor Advisories

6
Debian
CVE-2015-7096: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...2015
Debian
CVE-2015-7098: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...2015
Apple
CVE-2015-7048: tvOS 9.1
Apple
CVE-2015-7048: iOS 9.2
Apple
CVE-2015-7048: Safari 9.0.2
CVE-2015-7048 — Apple Iphone OS vulnerability | cvebase