Details of VAR-201510-0171

ID

VAR-201510-0171

CVE

CVE-2015-7008

TITLE

Apple iOS and OS X of FontParser Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-005559

DESCRIPTION

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component

Trust: 1.98

sources: NVD: CVE-2015-7008 // JVNDB: JVNDB-2015-005559 // BID: 77263 // VULHUB: VHN-84969

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 77263 // JVNDB: JVNDB-2015-005559 // CNNVD: CNNVD-201510-549 // NVD: CVE-2015-7008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7008
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7008
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-549
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84969
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7008
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84969
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84969 // JVNDB: JVNDB-2015-005559 // CNNVD: CNNVD-201510-549 // NVD: CVE-2015-7008

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-84969 // JVNDB: JVNDB-2015-005559 // NVD: CVE-2015-7008

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-549

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-549

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005559

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205375	url:	https://support.apple.com/en-us/HT205375	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	HT205375	url:	http://support.apple.com/ja-jp/HT205375	Trust: 0.8

sources: JVNDB: JVNDB-2015-005559

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7008	Trust: 2.8
db:	BID	id:	77263	Trust: 1.4
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005559	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-549	Trust: 0.7
db:	VULHUB	id:	VHN-84969	Trust: 0.1

sources: VULHUB: VHN-84969 // BID: 77263 // JVNDB: JVNDB-2015-005559 // CNNVD: CNNVD-201510-549 // NVD: CVE-2015-7008

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	https://support.apple.com/ht205375	Trust: 1.7
url:	http://www.securityfocus.com/bid/77263	Trust: 1.1
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7008	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7008	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-84969 // BID: 77263 // JVNDB: JVNDB-2015-005559 // CNNVD: CNNVD-201510-549 // NVD: CVE-2015-7008

CREDITS

Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Hu

Trust: 0.3

sources: BID: 77263

SOURCES

db:	VULHUB	id:	VHN-84969
db:	BID	id:	77263
db:	JVNDB	id:	JVNDB-2015-005559
db:	CNNVD	id:	CNNVD-201510-549
db:	NVD	id:	CVE-2015-7008

LAST UPDATE DATE

2025-04-13T21:52:05.336000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84969	date:	2016-12-24T00:00:00
db:	BID	id:	77263	date:	2016-01-12T02:01:00
db:	JVNDB	id:	JVNDB-2015-005559	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-549	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7008	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84969	date:	2015-10-23T00:00:00
db:	BID	id:	77263	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005559	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-549	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7008	date:	2015-10-23T21:59:42.937