ID

VAR-201804-1053


CVE

CVE-2017-7003


TITLE

Denial-of-service (DoS) vulnerability in the CoreText component of multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2017-013139

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file. Apple iOS, macOS Sierra, tvOS, and watchOS are all products of Apple, a US company. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreText is one of the typesetting engine components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2.

Trust: 1.71

sources: NVD: CVE-2017-7003 // JVNDB: JVNDB-2017-013139 // VULHUB: VHN-115206

AFFECTED PRODUCTS

vendor: apple, model: watchos, scope: lt, version: 3.2.2

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 10.3.2

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 10.2.1

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.12.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.10.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.12.4

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 10.3.2 (iPad 4th generation and later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 10.3.2 (iPhone 5 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 10.3.2 (iPod touch 6th generation)

Trust: 0.8

vendor: apple, model: tvos, scope: lt, version: 10.2.1 (Apple TV (4th generation))

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: 3.2.2 (Apple Watch, all models)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 10.0.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: -

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.0.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-013139 // CNNVD: CNNVD-201804-208 // NVD: CVE-2017-7003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7003
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7003
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-208
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115206
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7003
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115206
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7003
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115206 // JVNDB: JVNDB-2017-013139 // CNNVD: CNNVD-201804-208 // NVD: CVE-2017-7003

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-115206 // JVNDB: JVNDB-2017-013139 // NVD: CVE-2017-7003

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-208

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-208

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013139

PATCH

title: HT207801, url: https://support.apple.com/en-us/HT207801

Trust: 0.8

title: HT207797, url: https://support.apple.com/en-us/HT207797

Trust: 0.8

title: HT207798, url: https://support.apple.com/en-us/HT207798

Trust: 0.8

title: HT207800, url: https://support.apple.com/en-us/HT207800

Trust: 0.8

title: HT207797, url: https://support.apple.com/ja-jp/HT207797

Trust: 0.8

title: HT207798, url: https://support.apple.com/ja-jp/HT207798

Trust: 0.8

title: HT207800, url: https://support.apple.com/ja-jp/HT207800

Trust: 0.8

title: HT207801, url: https://support.apple.com/ja-jp/HT207801

Trust: 0.8

title: Multiple Apple product CoreText Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83060

Trust: 0.6

sources: JVNDB: JVNDB-2017-013139 // CNNVD: CNNVD-201804-208

EXTERNAL IDS

db: NVD, id: CVE-2017-7003

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013139

Trust: 0.8

db: CNNVD, id: CNNVD-201804-208

Trust: 0.6

db: VULHUB, id: VHN-115206

Trust: 0.1

sources: VULHUB: VHN-115206 // JVNDB: JVNDB-2017-013139 // CNNVD: CNNVD-201804-208 // NVD: CVE-2017-7003

REFERENCES

url:https://support.apple.com/ht207797

Trust: 1.7

url:https://support.apple.com/ht207798

Trust: 1.7

url:https://support.apple.com/ht207800

Trust: 1.7

url:https://support.apple.com/ht207801

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7003

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7003

Trust: 0.8

sources: VULHUB: VHN-115206 // JVNDB: JVNDB-2017-013139 // CNNVD: CNNVD-201804-208 // NVD: CVE-2017-7003

SOURCES

db: VULHUB, id: VHN-115206
db: JVNDB, id: JVNDB-2017-013139
db: CNNVD, id: CNNVD-201804-208
db: NVD, id: CVE-2017-7003

LAST UPDATE DATE

2024-11-23T22:26:25.032000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115206, date: 2019-03-08T00:00:00
db: JVNDB, id: JVNDB-2017-013139, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-208, date: 2019-03-13T00:00:00
db: NVD, id: CVE-2017-7003, date: 2024-11-21T03:30:57.290

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115206, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013139, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-208, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-7003, date: 2018-04-03T06:29:01.703