Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5758

Description

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted TIFF image triggers memory corruption in Apple's ImageIO, allowing arbitrary code execution or denial of service on iOS and OS X.

Vulnerability

A memory corruption vulnerability exists in the ImageIO component of Apple iOS before 8.4.1 and OS X before 10.10.5. The bug is triggered when the system processes a crafted TIFF image file, leading to memory corruption. The affected versions are iOS 8.4 and earlier, and OS X 10.10.4 and earlier [1][2].

Exploitation

An attacker can exploit this vulnerability by supplying a specially crafted TIFF image to the target system. This can be achieved remotely, for example by tricking a user into viewing the malicious image via a web page, email attachment, or other means that causes ImageIO to parse the file. No authentication is required; the attacker only needs to deliver the image and have the target process it using the vulnerable ImageIO implementation [1][2].

Impact

Successful exploitation can lead to arbitrary code execution with the privileges of the application using ImageIO, or cause a denial of service through application crash. The impact is system compromise or service disruption, depending on how the attacker uses the memory corruption [1][2].

Mitigation

Apple released fixes in iOS 8.4.1 and OS X Yosemite v10.10.5 (Security Update 2015-006). Users should update to these versions or later. No workarounds are documented in the available references [1][2].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000