CVE-2014-4377
Description
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote code execution or denial of service via a crafted PDF document.
Vulnerability
The vulnerability is an integer overflow in CoreGraphics, the graphics rendering framework, in Apple iOS versions prior to 8 and Apple TV versions prior to 7. It is triggered when parsing a specially crafted PDF document. Affected versions: iOS 7.x and earlier, Apple TV 6.x and earlier.
Exploitation
An attacker can deliver a malicious PDF document to the target device, for example via email, web download, or other means. If the user opens the PDF, the integer overflow in CoreGraphics occurs, leading to memory corruption. No authentication is required beyond user interaction to open the file.
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected application (e.g., MobileSafari or PDF viewer) or cause a denial of service (application crash). This could lead to full device compromise.
Mitigation
Apple addressed the issue in iOS 8 [1] and Apple TV 7 [2]. Users should update their devices to the latest available versions. No workaround is available. The vulnerability is not listed on the CISA KEV as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (+ 9 more)
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.1.2)
- cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (+ 6 more)
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <=6.2)
- cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
- Range: <8
- Range: <7
Patches
No patches discovered yet.
References
- archives.neohapsis.com/archives/bugtraq/2014-09/0106.html (nvd)
- archives.neohapsis.com/archives/bugtraq/2014-09/0107.html (nvd)
- secunia.com/advisories/61318 (nvd)
- support.apple.com/kb/HT6441 (nvd)
- support.apple.com/kb/HT6442 (nvd)
- support.apple.com/kb/HT6443 (nvd)
- www.securityfocus.com/bid/69882 (nvd)
- www.securityfocus.com/bid/69903 (nvd)
- www.securitytracker.com/id/1030866 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/96076 (nvd)