22 Oct 2015

CVE-2015-5935

Publié par . Publié dans Overflows

Vulnerability Details :

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
Publish Date : 2015-10-23 Last Update Date : 2015-10-26

- CVSS Scores & Vulnerability Types

CVSS Score	6.8
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflowMemory corruption
CWE ID	119

- Products Affected By CVE-2015-5935

#	Product Type	Vendor	Product	Version
1	OS	Apple	Iphone Os	9.0.2	Version Details Vulnerabilities
2	OS	Apple	Mac Os X	10.11.0	Version Details Vulnerabilities
3	OS	Apple	Watchos	2.0.0	Version Details Vulnerabilities