Apple iOS up to 9.0 FontParser Font File memory corruption

A vulnerability was found in Apple iOS up to 9.0 (Smartphone Operating System) and classified as critical. This issue affects an unknown functionality of the component FontParser. Upgrading to version 9.1 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 02/12/2018 08:48 AM | 06/24/2022 02:00 AM | 06/24/2022 02:08 AM |
|---|---|---|---|
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 5.1 | 5.1 | 5.1 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.0 | 7.0 | 7.0 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 | 7.0 |
| advisoryquote | Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. | Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. | Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. |
| date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT205370 | https://support.apple.com/en-us/HT205370 | https://support.apple.com/en-us/HT205370 |
| identifier | HT205370 | HT205370 | HT205370 |
| person_name | John Villamil | John Villamil | John Villamil |
| company_name | Yahoo Pentest Team | Yahoo Pentest Team | Yahoo Pentest Team |
| disputed | 0 | 0 | 0 |
| price_0day | $100k and more | $100k and more | $100k and more |
| price_trend | + | + | + |
| name | Upgrade | Upgrade | Upgrade |
| date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| upgrade_version | 9.1 | 9.1 | 9.1 |
| cve | CVE-2015-6977 | CVE-2015-6977 | CVE-2015-6977 |
| securityfocus_title | Apple iOS and Mac OS X Multiple Security Vulnerabilities | Apple iOS and Mac OS X Multiple Security Vulnerabilities | Apple iOS and Mac OS X Multiple Security Vulnerabilities |
| seealso | 77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755 | 77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755 | 77709 78724 78725 78727 78728 78729 78730 78731 78732 78733 78734 78735 78736 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 78751 78752 78753 78754 78755 |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| type | Smartphone Operating System | Smartphone Operating System | Smartphone Operating System |
| vendor | Apple | Apple | Apple |
| name | iOS | iOS | iOS |
| version | <=9.0 | <=9.0 | <=9.0 |
| component | FontParser | FontParser | FontParser |
| input_type | Font File | Font File | Font File |
| cwe | 119 (memory corruption) | 119 (memory corruption) | 119 (memory corruption) |
| confirm_url | https://support.apple.com/HT205370 | https://support.apple.com/HT205370 | https://support.apple.com/HT205370 |
| cve_assigned | 1442361600 (09/16/2015) | 1442361600 (09/16/2015) | 1442361600 (09/16/2015) |
| cve_nvd_published | 1445558400 | 1445558400 | 1445558400 |
| securityfocus | 77263 | 77263 | 77263 |
| securityfocus_date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| securityfocus_class | Unknown | Unknown | Unknown |
| nessus_id | 86654 | 86654 | 86654 |
| nessus_name | Mac OS X < 10.11.1 Multiple Vulnerabilities | Mac OS X < 10.11.1 Multiple Vulnerabilities | Mac OS X < 10.11.1 Multiple Vulnerabilities |
| nessus_filename | macosx_10_11_1.nasl | macosx_10_11_1.nasl | macosx_10_11_1.nasl |
| nessus_family | MacOS X Local Security Checks | MacOS X Local Security Checks | MacOS X Local Security Checks |
| sectracker | | 1033929 | 1033929 |
| cve_nvd_summary | | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. |
| cvss2_nvd_basescore | | 6.8 | 6.8 |
| nessus_risk | | | Critical |
