ID CVE-2015-6976 Type cve Reporter NVD Modified 2016-12-23T21:59:34
Description
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
{"id": "CVE-2015-6976", "bulletinFamily": "NVD", "title": "CVE-2015-6976", "description": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.", "published": "2015-10-23T17:59:23", "modified": "2016-12-23T21:59:34", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6976", "reporter": "NVD", "references": ["http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html", "https://support.apple.com/HT205375", "http://www.securitytracker.com/id/1033929", "http://www.securityfocus.com/bid/77263", "https://support.apple.com/HT205370", "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"], "cvelist": ["CVE-2015-6976"], "type": "cve", "lastseen": "2017-04-18T15:58:09", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:apple:mac_os_x:10.11.0", "cpe:/o:apple:iphone_os:9.0.2"], "cvelist": ["CVE-2015-6976"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.", "edition": 1, "hash": "19fdb1eecdc50c5b4b8f92b9f1fdb691064e2444fbbe1f6c302f5579dd05e03f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "920600f910996e21a9f4ea201f5f881c", "key": "description"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4ff61f1aef8b8aea72d47be9b5154047", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "6cabfff9c6f700ef6ef41b766726115e", "key": "published"}, {"hash": "0165d02d85b3730e3af50bac5a0f4d55", "key": "modified"}, {"hash": "0c8eb12f68545134941a020f0f9a0980", "key": "title"}, {"hash": "e226dbfe6390c1a865b62039d98df6b0", "key": "cpe"}, {"hash": "8d5c8d69deed2eac2da7621de299c462", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "3efe1e47a2944272e5ee6a3e7ce71b7f", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6976", "id": "CVE-2015-6976", "lastseen": "2016-09-03T23:11:04", "modified": "2015-10-26T20:27:03", "objectVersion": "1.2", "published": "2015-10-23T17:59:23", "references": ["http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html", "https://support.apple.com/HT205375", "https://support.apple.com/HT205370", "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2015-6976", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T23:11:04"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e226dbfe6390c1a865b62039d98df6b0"}, {"key": "cvelist", "hash": "3efe1e47a2944272e5ee6a3e7ce71b7f"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "920600f910996e21a9f4ea201f5f881c"}, {"key": "href", "hash": "8d5c8d69deed2eac2da7621de299c462"}, {"key": "modified", "hash": "5f6d56a8c55025d19f41390545048548"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6cabfff9c6f700ef6ef41b766726115e"}, {"key": "references", "hash": "5daec91b14573983d5f37e4f1e45a77d"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0c8eb12f68545134941a020f0f9a0980"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "954102f635327ffb1647527277748a6621e17b997040b51b3bf9179fd3b415be", "viewCount": 2, "objectVersion": "1.2", "cpe": ["cpe:/o:apple:mac_os_x:10.11.0", "cpe:/o:apple:iphone_os:9.0.2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 6.8}}
{"result": {"nessus": [{"id": "MACOSX_SECUPD2015-007.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)", "description": "The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework\n - apache_mod_php\n - ATS\n - Audio\n - CFNetwork\n - CoreGraphics\n - CoreText\n - EFI\n - FontParser\n - Grand Central Dispatch\n - ImageIO\n - IOAcceleratorFamily\n - Kernel\n - libarchive\n - MCX Application Restrictions\n - OpenGL\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "published": "2015-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86829", "cvelist": ["CVE-2015-6976", "CVE-2015-0235", "CVE-2015-5927", "CVE-2015-6975", "CVE-2015-7035", "CVE-2015-4860", "CVE-2015-5924", "CVE-2015-5939", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-7016", "CVE-2015-6992", "CVE-2015-6977", "CVE-2015-5934", "CVE-2015-5940", "CVE-2015-5932", "CVE-2015-0273", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-6985", "CVE-2015-5935", "CVE-2015-7010", "CVE-2015-6984", "CVE-2015-5937", "CVE-2015-7023", "CVE-2015-6993", "CVE-2015-6836", "CVE-2015-5936", "CVE-2015-6989", "CVE-2015-5942", "CVE-2015-7009", "CVE-2015-6996", "CVE-2015-6837", "CVE-2015-5944", "CVE-2015-5925", "CVE-2015-5938", "CVE-2015-6835", "CVE-2015-5926", "CVE-2015-6838", "CVE-2015-5933"], "lastseen": "2017-10-29T13:35:37"}, {"id": "MACOSX_10_11_1.NASL", "type": "nessus", "title": "Mac OS X < 10.11.1 Multiple Vulnerabilities", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)\n\n - ATS (CVE-2015-6985)\n\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n\n - Bom (CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)\n\n - Directory Utility (CVE-2015-6980)\n\n - Disk Images (CVE-2015-6995)\n\n - EFI (CVE-2015-7035)\n\n - File Bookmark (CVE-2015-6987)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)\n\n - libarchive (CVE-2015-6984)\n\n - MCX Application Restrictions (CVE-2015-7016)\n\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n\n - OpenGL (CVE-2015-5924)\n\n - OpenSSH (CVE-2015-6563)\n\n - Sandbox (CVE-2015-5945)\n\n - Script Editor (CVE-2015-7007)\n\n - Security (CVE-2015-6983, CVE-2015-7024)\n\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "published": "2015-10-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86654", "cvelist": ["CVE-2015-6976", "CVE-2015-7007", "CVE-2015-6980", "CVE-2015-0235", "CVE-2015-5927", "CVE-2015-6975", "CVE-2015-7035", "CVE-2015-6987", "CVE-2015-7003", "CVE-2015-5924", "CVE-2015-6983", "CVE-2015-5939", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-7020", "CVE-2015-6994", "CVE-2015-7016", "CVE-2015-6992", "CVE-2015-7021", "CVE-2015-6977", "CVE-2014-3565", "CVE-2015-7024", "CVE-2012-6151", "CVE-2015-5934", "CVE-2015-5940", "CVE-2015-5932", "CVE-2015-0273", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-6985", "CVE-2015-5935", "CVE-2015-7010", "CVE-2015-5945", "CVE-2015-6984", "CVE-2015-7008", "CVE-2015-5937", "CVE-2015-7023", "CVE-2015-6993", "CVE-2015-6836", "CVE-2015-5936", "CVE-2015-6989", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-6990", "CVE-2015-7009", "CVE-2015-6988", "CVE-2015-5943", "CVE-2015-6996", "CVE-2015-6837", "CVE-2015-6563", "CVE-2015-5944", "CVE-2015-5925", "CVE-2015-5938", "CVE-2015-6974", "CVE-2015-6835", "CVE-2015-7019", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5926", "CVE-2015-6838", "CVE-2015-5933"], "lastseen": "2017-10-29T13:44:05"}]}}
