CVE-2015-5756
Description
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in Apple's FontParser allows remote code execution via a crafted font file on iOS and OS X.
Vulnerability
FontParser, the font processing component in Apple iOS and OS X, contains a memory corruption vulnerability that can be triggered by processing a crafted font file. The issue affects iOS versions before 8.4.1 and OS X versions before 10.10.5 (Yosemite) [1][2]. The vulnerability is distinct from CVE-2015-3804 and CVE-2015-5775.
Exploitation
An attacker can exploit this vulnerability by delivering a specially crafted font file to the target system, for example via a malicious web page, email attachment, or other means that cause the font to be processed by FontParser. No authentication is required, but user interaction (e.g., opening a document or viewing a web page) may be necessary to trigger the parsing [description].
Impact
Successful exploitation can lead to arbitrary code execution in the context of the affected application, or cause a denial of service through memory corruption and application crash. The attacker gains the ability to execute arbitrary code with the privileges of the user running the vulnerable software [description].
Mitigation
Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5 (including Security Update 2015-006) [1][2]. Users should update to these or later versions. No workarounds are documented; applying the security updates is the recommended mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <8.4.1
- Range: <10.10.5
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.apple.com/archives/security-announce/2015/Aug/msg00001.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.html (nvd, Vendor Advisory)
- support.apple.com/kb/HT205030 (nvd, Vendor Advisory)
- support.apple.com/kb/HT205031 (nvd, Vendor Advisory)
- www.securityfocus.com/bid/76343 (nvd)
- www.securitytracker.com/id/1033275 (nvd)
News mentions
No linked articles in our index yet.