Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3719

Description

TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple iOS before 8.4 and OS X before 10.10.4 FontParser memory corruption allows remote code execution via crafted font file.

Vulnerability

A memory corruption vulnerability exists in the TrueTypeScaler component of FontParser in Apple iOS (before 8.4) and OS X (before 10.10.4). It is triggered when processing a crafted font file [1][2]. This vulnerability is distinct from CVE-2015-3694.

Exploitation

An attacker can exploit this vulnerability remotely by delivering a malicious font file to the target, such as through a web page or email. The user only needs to view the content that causes the font to be processed; no authentication is required.

Impact

Successful exploitation leads to arbitrary code execution or denial of service (memory corruption). An attacker may execute arbitrary code with the privileges of the application processing the font, potentially leading to full system compromise.

Mitigation

Apple addressed the issue in iOS 8.4 and OS X Yosemite v10.10.4 and Security Update 2015-005, released on June 30, 2015 [1][2]. Users should update their devices to the latest available versions.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.3
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./iOSllm-fuzzy
Range: <8.4
Apple Inc./OS Xllm-fuzzy
Range: <10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlnvdVendor Advisory
support.apple.com/kb/HT204941nvdVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75491nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000