Sign-up

ID

VAR-201508-0048


CVE

CVE-2015-5778


TITLE

Apple iOS and OS X of CoreMedia Playback Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004255

DESCRIPTION

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. Apple Mac OS X and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States

Trust: 2.07

sources: NVD: CVE-2015-5778 // JVNDB: JVNDB-2015-004255 // BID: 76343 // VULHUB: VHN-83739 // VULMON: CVE-2015-5778

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.4

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.4

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.10.4

Trust: 0.6

vendor:applemodel:keynotescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

sources: BID: 76343 // JVNDB: JVNDB-2015-004255 // CNNVD: CNNVD-201508-308 // NVD: CVE-2015-5778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5778
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5778
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-308
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83739
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5778
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5778
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83739
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83739 // VULMON: CVE-2015-5778 // JVNDB: JVNDB-2015-004255 // CNNVD: CNNVD-201508-308 // NVD: CVE-2015-5778

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83739 // JVNDB: JVNDB-2015-004255 // NVD: CVE-2015-5778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-308

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004255

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-08-13-3 iOS 8.4.1url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Trust: 0.8
title:APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Trust: 0.8
title:HT205030url:http://support.apple.com/en-us/HT205030
Trust: 0.8
title:HT205031url:http://support.apple.com/en-us/HT205031
Trust: 0.8
title:HT205030url:http://support.apple.com/ja-jp/HT205030
Trust: 0.8
title:HT205031url:http://support.apple.com/ja-jp/HT205031
Trust: 0.8
title:osxupd10.10.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197
Trust: 0.6
title:iPhone7,1_8.4.1_12H321_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-004255 // 
            
            
            
            CNNVD: CNNVD-201508-308

EXTERNAL IDS
db:NVDid:CVE-2015-5778
Trust: 2.9
db:BIDid:76343
Trust: 2.1
db:SECTRACKid:1033275
Trust: 1.2
db:JVNid:JVNVU94440136
Trust: 0.8
db:JVNDBid:JVNDB-2015-004255
Trust: 0.8
db:CNNVDid:CNNVD-201508-308
Trust: 0.7
db:VULHUBid:VHN-83739
Trust: 0.1
db:VULMONid:CVE-2015-5778
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83739 // 
            
            
            
            VULMON: CVE-2015-5778 // 
            
            
            
            BID: 76343 // 
            
            
            
            JVNDB: JVNDB-2015-004255 // 
            
            
            
            CNNVD: CNNVD-201508-308 // 
            
            
            
            NVD: CVE-2015-5778

REFERENCES
url:http://www.securityfocus.com/bid/76343
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html
Trust: 1.8
url:https://support.apple.com/kb/ht205030
Trust: 1.8
url:https://support.apple.com/kb/ht205031
Trust: 1.8
url:http://www.securitytracker.com/id/1033275
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5778
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94440136/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5778
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-us/ht205221
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40485
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83739 // 
            
            
            
            VULMON: CVE-2015-5778 // 
            
            
            
            BID: 76343 // 
            
            
            
            JVNDB: JVNDB-2015-004255 // 
            
            
            
            CNNVD: CNNVD-201508-308 // 
            
            
            
            NVD: CVE-2015-5778

CREDITS
Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRIT S.A.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201508-308

SOURCES
db:VULHUBid:VHN-83739
db:VULMONid:CVE-2015-5778
db:BIDid:76343
db:JVNDBid:JVNDB-2015-004255
db:CNNVDid:CNNVD-201508-308
db:NVDid:CVE-2015-5778

LAST UPDATE DATE
2025-04-13T20:23:27.972000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83739date:2016-12-24T00:00:00
db:VULMONid:CVE-2015-5778date:2016-12-24T00:00:00
db:BIDid:76343date:2016-07-06T13:27:00
db:JVNDBid:JVNDB-2015-004255date:2015-08-21T00:00:00
db:CNNVDid:CNNVD-201508-308date:2015-08-21T00:00:00
db:NVDid:CVE-2015-5778date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83739date:2015-08-17T00:00:00
db:VULMONid:CVE-2015-5778date:2015-08-17T00:00:00
db:BIDid:76343date:2015-08-13T00:00:00
db:JVNDBid:JVNDB-2015-004255date:2015-08-21T00:00:00
db:CNNVDid:CNNVD-201508-308date:2015-08-18T00:00:00
db:NVDid:CVE-2015-5778date:2015-08-17T00:01:03.297