Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3694

Description

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Apple's FontParser allows remote code execution via a crafted font file on iOS before 8.4 and OS X before 10.10.4.

Vulnerability

FontParser in Apple iOS prior to 8.4 and OS X prior to 10.10.4 contains a memory corruption vulnerability (CVE-2015-3694) that can be triggered by processing a specially crafted font file. This issue is distinct from CVE-2015-3719. The affected versions are iOS 8.3 and earlier, and OS X Yosemite 10.10.3 and earlier.

Exploitation

An attacker can deliver the malicious font file remotely, for example through a web page or email, leveraging the operating system's font parsing capabilities. No authentication is required as the attack can be triggered when the user views content that uses the font. The vulnerability is exploited when FontParser processes the crafted font data, leading to memory corruption.

Impact

Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the affected process, potentially gaining full control of the system, or cause a denial of service via memory corruption.

Mitigation

Apple addressed this vulnerability in iOS 8.4 [2] and OS X Yosemite 10.10.4 (Security Update 2015-005) [1]. Users should update to these or later versions. No workarounds are provided in the available references.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.1.3
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./iOSllm-fuzzy
Range: < 8.4
Apple Inc./OS Xllm-fuzzy
Range: < 10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlnvdPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT204941nvdVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75491nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000