ID

VAR-201501-0254


CVE

CVE-2014-8816


TITLE

Arbitrary code execution vulnerability in CoreGraphics on Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2015-001300

DESCRIPTION

CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2.

Trust: 2.07

sources: NVD: CVE-2014-8816 // JVNDB: JVNDB-2015-001300 // BID: 72328 // VULHUB: VHN-76761 // VULMON: CVE-2014-8816

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.9.5

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.9.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.8.5

Trust: 0.8

vendor: apple, model: mac os, scope: eq, version: x10.10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.9.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.1

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.10.3

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001300 // CNNVD: CNNVD-201501-742 // NVD: CVE-2014-8816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8816
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8816
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-742
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76761
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-8816
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8816
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-76761
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76761 // VULMON: CVE-2014-8816 // JVNDB: JVNDB-2015-001300 // CNNVD: CNNVD-201501-742 // NVD: CVE-2014-8816

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-76761 // JVNDB: JVNDB-2015-001300 // NVD: CVE-2014-8816

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-742

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201501-742

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001300

PATCH

title: APPLE-SA-2015-01-27-4, url: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

Trust: 0.8

title: HT204244, url: http://support.apple.com/en-us/HT204244

Trust: 0.8

title: HT204244, url: http://support.apple.com/ja-jp/HT204244

Trust: 0.8

title: -, url: https://github.com/0xCyberY/CVE-T4PDF

Trust: 0.1

sources: VULMON: CVE-2014-8816 // JVNDB: JVNDB-2015-001300

EXTERNAL IDS

db: NVD, id: CVE-2014-8816

Trust: 2.9

db: SECTRACK, id: 1031650

Trust: 1.2

db: BID, id: 72328

Trust: 1.0

db: JVN, id: JVNVU96447236

Trust: 0.8

db: JVNDB, id: JVNDB-2015-001300

Trust: 0.8

db: CNNVD, id: CNNVD-201501-742

Trust: 0.7

db: VULHUB, id: VHN-76761

Trust: 0.1

db: VULMON, id: CVE-2014-8816

Trust: 0.1

sources: VULHUB: VHN-76761 // VULMON: CVE-2014-8816 // BID: 72328 // JVNDB: JVNDB-2015-001300 // CNNVD: CNNVD-201501-742 // NVD: CVE-2014-8816

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html

Trust: 1.2

url:http://support.apple.com/ht204244

Trust: 1.2

url:http://www.securitytracker.com/id/1031650

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100495

Trust: 1.2

url:http://www.apple.com/macosx/

Trust: 0.9

url:https://support.apple.com/en-us/ht204659

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8816

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96447236/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8816

Trust: 0.8

url:https://www.securityfocus.com/bid/72328

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=37192

Trust: 0.1

sources: VULHUB: VHN-76761 // VULMON: CVE-2014-8816 // BID: 72328 // JVNDB: JVNDB-2015-001300 // CNNVD: CNNVD-201501-742 // NVD: CVE-2014-8816

CREDITS

Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers, Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC

Trust: 0.6

sources: CNNVD: CNNVD-201501-742

SOURCES

db: VULHUB, id: VHN-76761
db: VULMON, id: CVE-2014-8816
db: BID, id: 72328
db: JVNDB, id: JVNDB-2015-001300
db: CNNVD, id: CNNVD-201501-742
db: NVD, id: CVE-2014-8816

LAST UPDATE DATE

2025-04-13T19:41:39.453000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-76761, date: 2017-09-08T00:00:00
db: VULMON, id: CVE-2014-8816, date: 2017-09-08T00:00:00
db: BID, id: 72328, date: 2019-04-12T18:00:00
db: JVNDB, id: JVNDB-2015-001300, date: 2015-02-12T00:00:00
db: CNNVD, id: CNNVD-201501-742, date: 2019-04-16T00:00:00
db: NVD, id: CVE-2014-8816, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-76761, date: 2015-01-30T00:00:00
db: VULMON, id: CVE-2014-8816, date: 2015-01-30T00:00:00
db: BID, id: 72328, date: 2015-01-27T00:00:00
db: JVNDB, id: JVNDB-2015-001300, date: 2015-02-12T00:00:00
db: CNNVD, id: CNNVD-201501-742, date: 2015-01-27T00:00:00
db: NVD, id: CVE-2014-8816, date: 2015-01-30T11:59:28.750