ID

VAR-201501-0267


CVE

CVE-2014-8830


TITLE

Heap-based buffer overflow vulnerability in SceneKit in Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2015-001307

DESCRIPTION

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. SceneKit is one of the 3D rendering frameworks

Trust: 1.98

sources: NVD: CVE-2014-8830 // JVNDB: JVNDB-2015-001307 // BID: 72328 // VULHUB: VHN-76775

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.10.1

Trust: 1.4

vendor: apple // model: mac os x // scope: lte // version: 10.10.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.10

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.8.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.9.5

Trust: 0.8

vendor: apple // model: mac os // scope: eq // version: x10.10

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.9.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.8.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.1

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.10.3

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001307 // CNNVD: CNNVD-201501-732 // NVD: CVE-2014-8830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8830
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8830
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-732
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76775
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8830
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76775
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76775 // JVNDB: JVNDB-2015-001307 // CNNVD: CNNVD-201501-732 // NVD: CVE-2014-8830

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-76775 // JVNDB: JVNDB-2015-001307 // NVD: CVE-2014-8830

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-732

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201501-732

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001307

PATCH

title: APPLE-SA-2015-01-27-4 // url: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

Trust: 0.8

title: APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 // url: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Trust: 0.8

title: HT204244 // url: http://support.apple.com/en-us/HT204244

Trust: 0.8

title: HT204659 // url: https://support.apple.com/en-us/HT204659

Trust: 0.8

title: HT204244 // url: http://support.apple.com/ja-jp/HT204244

Trust: 0.8

title: HT204659 // url: https://support.apple.com/ja-jp/HT204659

Trust: 0.8

sources: JVNDB: JVNDB-2015-001307

EXTERNAL IDS

db: NVD // id: CVE-2014-8830

Trust: 2.8

db: SECTRACK // id: 1031650

Trust: 1.1

db: BID // id: 72328

Trust: 0.9

db: JVN // id: JVNVU96447236

Trust: 0.8

db: JVN // id: JVNVU91828320

Trust: 0.8

db: JVNDB // id: JVNDB-2015-001307

Trust: 0.8

db: CNNVD // id: CNNVD-201501-732

Trust: 0.7

db: VULHUB // id: VHN-76775

Trust: 0.1

sources: VULHUB: VHN-76775 // BID: 72328 // JVNDB: JVNDB-2015-001307 // CNNVD: CNNVD-201501-732 // NVD: CVE-2014-8830

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html

Trust: 1.1

url:http://support.apple.com/ht204244

Trust: 1.1

url:https://support.apple.com/ht204659

Trust: 1.1

url:http://www.securitytracker.com/id/1031650

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100524

Trust: 1.1

url:http://www.apple.com/macosx/

Trust: 0.9

url:https://support.apple.com/en-us/ht204659

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8830

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96447236/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91828320/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8830

Trust: 0.8

url:https://www.securityfocus.com/bid/72328

Trust: 0.6

sources: VULHUB: VHN-76775 // BID: 72328 // JVNDB: JVNDB-2015-001307 // CNNVD: CNNVD-201501-732 // NVD: CVE-2014-8830

CREDITS

Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers, Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC

Trust: 0.6

sources: CNNVD: CNNVD-201501-732

SOURCES

db: VULHUB // id: VHN-76775
db: BID // id: 72328
db: JVNDB // id: JVNDB-2015-001307
db: CNNVD // id: CNNVD-201501-732
db: NVD // id: CVE-2014-8830

LAST UPDATE DATE

2025-04-13T22:51:41.686000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-76775 // date: 2017-09-08T00:00:00
db: BID // id: 72328 // date: 2019-04-12T18:00:00
db: JVNDB // id: JVNDB-2015-001307 // date: 2015-04-10T00:00:00
db: CNNVD // id: CNNVD-201501-732 // date: 2019-04-15T00:00:00
db: NVD // id: CVE-2014-8830 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-76775 // date: 2015-01-30T00:00:00
db: BID // id: 72328 // date: 2015-01-27T00:00:00
db: JVNDB // id: JVNDB-2015-001307 // date: 2015-02-12T00:00:00
db: CNNVD // id: CNNVD-201501-732 // date: 2015-01-27T00:00:00
db: NVD // id: CVE-2014-8830 // date: 2015-01-30T11:59:40.220