Details of VAR-201702-0264

ID

VAR-201702-0264

CVE

CVE-2016-7667

TITLE

plural Apple Product CoreText Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007467

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string. Apple iOS/macOS are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Apple tvOS, iOS, and macOS Sierra are all products of Apple Inc. in the United States. Apple tvOS is a smart TV operating system; iOS is an operating system developed for mobile devices. CoreText is one of the text engines that can control text formatting and text layout. The following products and versions are affected: Apple tvOS prior to 10.1; iOS prior to 10.2; macOS Sierra prior to 10.12.2

Trust: 1.98

sources: NVD: CVE-2016-7667 // JVNDB: JVNDB-2016-007467 // BID: 96333 // VULHUB: VHN-96487

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: BID: 96333 // JVNDB: JVNDB-2016-007467 // CNNVD: CNNVD-201702-715 // NVD: CVE-2016-7667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7667
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7667
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201702-715
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96487
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7667
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96487
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7667
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96487 // JVNDB: JVNDB-2016-007467 // CNNVD: CNNVD-201702-715 // NVD: CVE-2016-7667

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-96487 // JVNDB: JVNDB-2016-007467 // NVD: CVE-2016-7667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-715

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-715

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007467

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-13-1 macOS 10.12.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html	Trust: 0.8
title:	APPLE-SA-2016-12-12-3 tvOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/HT207422	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/en-us/HT207423	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/en-us/HT207425	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/HT207422	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/ja-jp/HT207423	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/ja-jp/HT207425	Trust: 0.8
title:	Multiple Apple product CoreText Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68138	Trust: 0.6

sources: JVNDB: JVNDB-2016-007467 // CNNVD: CNNVD-201702-715

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7667	Trust: 2.8
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007467	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-715	Trust: 0.7
db:	BID	id:	96333	Trust: 0.4
db:	VULHUB	id:	VHN-96487	Trust: 0.1

sources: VULHUB: VHN-96487 // BID: 96333 // JVNDB: JVNDB-2016-007467 // CNNVD: CNNVD-201702-715 // NVD: CVE-2016-7667

REFERENCES

url:	https://support.apple.com/ht207422	Trust: 1.7
url:	https://support.apple.com/ht207423	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7667	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7667	Trust: 0.8
url:	https://support.apple.com/zh-cn/ht207425	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3

sources: VULHUB: VHN-96487 // BID: 96333 // JVNDB: JVNDB-2016-007467 // CNNVD: CNNVD-201702-715 // NVD: CVE-2016-7667

CREDITS

Nasser Al-Hadhrami, Saif Al-Hinai of Digital Unit

Trust: 0.3

sources: BID: 96333

SOURCES

db:	VULHUB	id:	VHN-96487
db:	BID	id:	96333
db:	JVNDB	id:	JVNDB-2016-007467
db:	CNNVD	id:	CNNVD-201702-715
db:	NVD	id:	CVE-2016-7667

LAST UPDATE DATE

2025-04-20T22:56:47.708000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96487	date:	2017-02-22T00:00:00
db:	BID	id:	96333	date:	2017-03-07T02:05:00
db:	JVNDB	id:	JVNDB-2016-007467	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-715	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7667	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96487	date:	2017-02-20T00:00:00
db:	BID	id:	96333	date:	2017-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-007467	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-715	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7667	date:	2017-02-20T08:59:04.417