Lucene search

[email protected]CVE-2015-5937

HistoryOct 23, 2015 - 9:59 p.m.

CVE-2015-5937

2015-10-2321:59:14

CWE-119

[email protected]

web.nvd.nist.gov

cve

imageio

apple

ios

os x

watchos

remote attackers

arbitrary code

denial of service

memory corruption

metadata

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.4%

JSON

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.

Affected configurations

NVD

Node

applewatchosRange≤2.0.0

Node

appleiphone_osRange≤9.0.2

Node

applemac_os_xRange≤10.11.0

CPENameOperatorVersion
apple:watchosapple watchosle2.0.0

CPE	Name	Operator	Version
apple:watchos	apple watchos	le	2.0.0

References

lists.apple.com/archives/security-announce/2015/Oct/msg00002.html

lists.apple.com/archives/security-announce/2015/Oct/msg00003.html

lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

www.securitytracker.com/id/1033929

support.apple.com/HT205370

support.apple.com/HT205375

support.apple.com/HT205378

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2015-5937

prion4 cvelist4 cve3 nvd4 securityvulns6 openvas2 nessus5