Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-3800

Description

The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Apple's DiskImages component allows local users to gain privileges or cause a denial of service via a malformed DMG image.

Vulnerability

The DiskImages component in Apple iOS prior to version 8.4.1 and OS X prior to version 10.10.5 contains a memory corruption vulnerability that can be triggered by processing a malformed DMG disk image. The issue exists in the code that parses DMG images, and no special configuration is required beyond the ability to mount a DMG file.

Exploitation

An attacker with local access to the system can craft a malicious DMG image and cause the target user or system to mount it. No additional authentication is needed beyond the ability to mount a disk image. The malformed image triggers memory corruption in the DiskImages component, leading to either a denial of service (application crash) or potential privilege escalation.

Impact

Successful exploitation can result in either a denial of service due to application crash or, more critically, privilege escalation, allowing the attacker to gain elevated privileges on the affected system. The exact scope of privilege escalation is not detailed in public sources, but it is considered a serious vulnerability.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5, released on August 13, 2015 [1][2]. Users should update their devices to these versions or later. No workarounds are available, and the vulnerability is not known to be exploited in the wild as of the publication date.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000