Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3767

Description

udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local user can exploit a memory corruption vulnerability in the udf kernel extension of OS X via a malformed DMG image to gain privileges or cause a denial of service.

Vulnerability

The vulnerability resides in the udf kernel extension in Apple OS X versions prior to 10.10.5. It is triggered when the system mounts a specially crafted DMG image containing a malformed UDF filesystem. The issue leads to memory corruption.

Exploitation

An attacker must have local access to the system and the ability to mount a DMG image (e.g., by inserting a USB drive or downloading a malicious image). No additional authentication is required beyond local user privileges. The attacker crafts a DMG with a malformed UDF structure; upon mounting, the kernel extension processes the malformed data, causing memory corruption.

Impact

Successful exploitation allows the attacker to cause a denial of service (application crash) or potentially escalate privileges to kernel level, gaining full control of the system.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.5, released on August 13, 2015 [1]. Users should update to that version or later. No workarounds are documented. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog.

References

About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76340nvd
www.securitytracker.com/id/1033276nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000