VDB-78737 · CVE-2015-6977 · HT205370

Apple iOS up to 9.0 FontParser Font File memory corruption

A vulnerability was found in Apple iOS up to 9.0 (Smartphone Operating System) and classified as critical. This issue affects an unknown functionality of the component FontParser. Upgrading to version 9.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	02/12/2018 08:48 AM	06/24/2022 02:00 AM	06/24/2022 02:08 AM
risk	2	2	2
cvss2_vuldb_basescore	5.1	5.1	5.1
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	M	M	M
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	7.0	7.0	7.0
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	7.0	7.0	7.0
advisoryquote	Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.	Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.	Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
date	1445385600 (10/21/2015)	1445385600 (10/21/2015)	1445385600 (10/21/2015)
location	Website	Website	Website
type	Advisory	Advisory	Advisory
url	https://support.apple.com/en-us/HT205370	https://support.apple.com/en-us/HT205370	https://support.apple.com/en-us/HT205370
identifier	HT205370	HT205370	HT205370
person_name	John Villamil	John Villamil	John Villamil
company_name	Yahoo Pentest Team	Yahoo Pentest Team	Yahoo Pentest Team
disputed	0	0	0
price_0day	$100k and more	$100k and more	$100k and more
price_trend	+	+	+
name	Upgrade	Upgrade	Upgrade
date	1445385600 (10/21/2015)	1445385600 (10/21/2015)	1445385600 (10/21/2015)
upgrade_version	9.1	9.1	9.1
cve	CVE-2015-6977	CVE-2015-6977	CVE-2015-6977
securityfocus_title	Apple iOS and Mac OS X Multiple Security Vulnerabilities	Apple iOS and Mac OS X Multiple Security Vulnerabilities	Apple iOS and Mac OS X Multiple Security Vulnerabilities
seealso	77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755	77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755	77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
cvss3_vuldb_av	N	N	N
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
type	Smartphone Operating System	Smartphone Operating System	Smartphone Operating System
vendor	Apple	Apple	Apple
name	iOS	iOS	iOS
version	<=9.0	<=9.0	<=9.0
component	FontParser	FontParser	FontParser
input_type	Font File	Font File	Font File
cwe	119 (memory corruption)	119 (memory corruption)	119 (memory corruption)
confirm_url	https://support.apple.com/HT205370	https://support.apple.com/HT205370	https://support.apple.com/HT205370
cve_assigned	1442361600 (09/16/2015)	1442361600 (09/16/2015)	1442361600 (09/16/2015)
cve_nvd_published	1445558400	1445558400	1445558400
securityfocus	77263	77263	77263
securityfocus_date	1445385600 (10/21/2015)	1445385600 (10/21/2015)	1445385600 (10/21/2015)
securityfocus_class	Unknown	Unknown	Unknown
nessus_id	86654	86654	86654
nessus_name	Mac OS X < 10.11.1 Multiple Vulnerabilities	Mac OS X < 10.11.1 Multiple Vulnerabilities	Mac OS X < 10.11.1 Multiple Vulnerabilities
nessus_filename	macosx_10_11_1.nasl	macosx_10_11_1.nasl	macosx_10_11_1.nasl
nessus_family	MacOS X Local Security Checks	MacOS X Local Security Checks	MacOS X Local Security Checks
sectracker		1033929	1033929
cve_nvd_summary		FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
cvss2_nvd_basescore		6.8	6.8
nessus_risk			Critical

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!