Details of VAR-201510-0158

ID

VAR-201510-0158

CVE

CVE-2015-6993

TITLE

Apple iOS and OS X of FontParser Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-005556

DESCRIPTION

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component

Trust: 1.98

sources: NVD: CVE-2015-6993 // JVNDB: JVNDB-2015-005556 // BID: 77263 // VULHUB: VHN-84954

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 77263 // JVNDB: JVNDB-2015-005556 // CNNVD: CNNVD-201510-541 // NVD: CVE-2015-6993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6993
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6993
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-541
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84954
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6993
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84954
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84954 // JVNDB: JVNDB-2015-005556 // CNNVD: CNNVD-201510-541 // NVD: CVE-2015-6993

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-84954 // JVNDB: JVNDB-2015-005556 // NVD: CVE-2015-6993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-541

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-541

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005556

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205375	url:	https://support.apple.com/en-us/HT205375	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	HT205375	url:	http://support.apple.com/ja-jp/HT205375	Trust: 0.8
title:	Apple iOS and Apple OS X FontParser Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58385	Trust: 0.6

sources: JVNDB: JVNDB-2015-005556 // CNNVD: CNNVD-201510-541

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6993	Trust: 2.8
db:	BID	id:	77263	Trust: 1.4
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005556	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-541	Trust: 0.7
db:	VULHUB	id:	VHN-84954	Trust: 0.1

sources: VULHUB: VHN-84954 // BID: 77263 // JVNDB: JVNDB-2015-005556 // CNNVD: CNNVD-201510-541 // NVD: CVE-2015-6993

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	https://support.apple.com/ht205375	Trust: 1.7
url:	http://www.securityfocus.com/bid/77263	Trust: 1.1
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6993	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6993	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-84954 // BID: 77263 // JVNDB: JVNDB-2015-005556 // CNNVD: CNNVD-201510-541 // NVD: CVE-2015-6993

CREDITS

Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Hu

Trust: 0.3

sources: BID: 77263

SOURCES

db:	VULHUB	id:	VHN-84954
db:	BID	id:	77263
db:	JVNDB	id:	JVNDB-2015-005556
db:	CNNVD	id:	CNNVD-201510-541
db:	NVD	id:	CVE-2015-6993

LAST UPDATE DATE

2025-04-13T20:36:03.371000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84954	date:	2016-12-24T00:00:00
db:	BID	id:	77263	date:	2016-01-12T02:01:00
db:	JVNDB	id:	JVNDB-2015-005556	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-541	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6993	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84954	date:	2015-10-23T00:00:00
db:	BID	id:	77263	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005556	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-541	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6993	date:	2015-10-23T21:59:34.873