VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 14, 2014· Updated May 6, 2026

CVE-2014-1280

CVE-2014-1280

Description

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted MPEG-4 video file triggers a NULL pointer dereference in the Video Driver of Apple iOS and Apple TV, causing a device hang.

Vulnerability

The Video Driver component in Apple iOS before 7.1 and Apple TV before 6.1 contains a NULL pointer dereference vulnerability when processing a specially crafted MPEG-4 encoded video file. This allows a remote attacker to cause a denial of service by delivering the malicious file to the target device.

Exploitation

An attacker needs to deliver a crafted MPEG-4 video file to the target device, for example via a web page, email attachment, or other means that triggers video playback. No authentication is required; the vulnerability is triggered when the device's video driver processes the malformed file.

Impact

Successful exploitation results in a NULL pointer dereference that causes the device to hang, leading to a denial of service. The device becomes unresponsive and may require a forced restart. No code execution or data compromise is indicated.

Mitigation

Apple addressed this issue in iOS 7.1 and Apple TV 6.1, released on March 10, 2014 [1][2]. Users should update their devices to these versions or later. No workarounds are documented.

References
  1. About the security content of iOS 7.1 - Apple Support
  2. About the security content of Apple TV 6.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Iphone Os7 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.0.6
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
  • Apple Inc./tvOS3 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.0.2
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
  • Apple Inc./TVllm-fuzzy
    Range: <6.1
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.