Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5775

Description

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Apple's FontParser allows remote code execution or denial of service via a crafted font file on iOS and OS X.

Vulnerability

FontParser in Apple iOS (before 8.4.1) and OS X (before 10.10.5) contains a memory corruption vulnerability that can be triggered by processing a crafted font file. This issue is distinct from CVE-2015-3804 and CVE-2015-5756.

Exploitation

An attacker can exploit this vulnerability by delivering a maliciously crafted font file to the target system, for example via a web page or email. No authentication is required; the vulnerability is triggered when the font is processed by FontParser, which may occur automatically in applications such as Safari or Mail.

Impact

Successful exploitation allows an attacker to execute arbitrary code or cause a denial of service (application crash) due to memory corruption. Code execution occurs in the context of the application using FontParser, potentially leading to full system compromise on affected iOS and OS X versions.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 [2] and OS X 10.10.5 (Yosemite) [1]. Users should update to these or later versions. No workarounds are documented. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000