CVE-2015-5942
Description
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in Apple's FontParser allows remote code execution via a crafted font file, patched in iOS 9.1, OS X 10.11.1, and watchOS 2.0.1.
Vulnerability
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 contains a memory corruption issue that can be triggered when processing a crafted font file. The vulnerability is distinct from CVE-2015-5927 but affects the same component [1][2][3].
Exploitation
An attacker can exploit this vulnerability by luring a user to open a malicious font file—for example, via a specially crafted web page, email attachment, or other delivery mechanism. No additional authentication or special privileges are required beyond user interaction to open the file [1][2].
Impact
Successful exploitation leads to arbitrary code execution in the context of the affected application or system, or a denial of service due to memory corruption. The attacker gains the ability to execute arbitrary commands or crash the process, potentially leading to full system compromise on the targeted device [1][2][3].
Mitigation
Apple addressed this vulnerability in iOS 9.1, OS X El Capitan 10.11.1 (and corresponding security updates for Yosemite and Mavericks), and watchOS 2.0.1, all released on October 21, 2015. Users should update to these versions or later. No workarounds are documented; the only mitigation is to apply the available patches [1][2][3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* (range: <=2.0.0)
- (no CPE) (range: <2.0.1)
- Range: <9.1
- Range: <10.11.1
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Oct/msg00002.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Oct/msg00003.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Oct/msg00005.html (nvd, Vendor Advisory)
- support.apple.com/HT205370 (nvd, Vendor Advisory)
- support.apple.com/HT205375 (nvd, Vendor Advisory)
- support.apple.com/HT205378 (nvd, Vendor Advisory)
- www.securitytracker.com/id/1033929 (nvd)