Unrated severityNVD Advisory· Published Jan 30, 2015· Updated May 6, 2026

CVE-2014-4484

Description

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Apple FontParser allows arbitrary code execution via a crafted .dfont file on iOS, OS X, and Apple TV.

Vulnerability

The FontParser component in Apple iOS before 8.1.3, OS X before 10.10.2, and Apple TV before 7.0.3 contains a memory corruption vulnerability. An attacker can exploit this by providing a specially crafted .dfont file, which triggers memory corruption when processed, potentially leading to arbitrary code execution.

Exploitation

An attacker needs to deliver a malicious .dfont file to the target system, for example, by persuading a user to open a malicious document or visit a crafted webpage. No authentication is required, and the system processes the file through the FontParser interface, resulting in memory corruption.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the affected application, which could lead to full system compromise. Alternatively, exploitation could cause a denial of service through an application crash.

Mitigation

Apple has addressed this issue in iOS 8.1.3 [2], OS X 10.10.2 [1], and Apple TV 7.0.3 [3]. Users are advised to update their devices to the latest available versions. No known workarounds exist for unpatched systems.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.1.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <=7.0.1
Apple Inc./iOSllm-fuzzy
Range: <8.1.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.2
Apple Inc./Apple TVllm-fuzzy
Range: <7.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jan/msg00000.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlnvdVendor Advisory
support.apple.com/HT204244nvdVendor Advisory
support.apple.com/HT204245nvdVendor Advisory
support.apple.com/HT204246nvdVendor Advisory
www.securitytracker.com/id/1031650nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000