Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5778

Description

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in CoreMedia Playback allows remote code execution via a crafted movie file on iOS and OS X.

Vulnerability

A memory corruption vulnerability exists in CoreMedia Playback, the media playback component of Apple iOS and OS X. The flaw is triggered when processing a specially crafted movie file. Affected versions are iOS before 8.4.1 and OS X before 10.10.5 [1][2].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious movie file to the target user. The user must open the file in an application that uses CoreMedia Playback, such as QuickTime Player or Safari. No additional privileges or authentication are required beyond normal user access. The crafted file causes memory corruption during parsing, leading to a crash or potential code execution.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running the application, or cause a denial of service via application crash. This can lead to full system compromise on the affected device.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5, released on August 13, 2015 [1][2]. Users should update to these versions or later. No workarounds are documented; the only mitigation is applying the security update.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000