CVE-2015-7105
Description
A memory corruption vulnerability in CoreGraphics allows remote code execution or denial of service via a crafted font file on Apple platforms.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in CoreGraphics allows remote code execution or denial of service via a crafted font file on Apple platforms.
Vulnerability
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 contains a memory corruption vulnerability when processing crafted font files. An attacker can trigger this by providing a malicious font file to the affected system [1][2][3][4].
Exploitation
An attacker needs to deliver a specially crafted font file to the target device, for example via a web page or email. No authentication is required; the vulnerability can be triggered remotely [1][2][3][4].
Impact
Successful exploitation allows arbitrary code execution or denial of service (memory corruption). The attacker gains the ability to execute code at the privilege level of the CoreGraphics process, potentially leading to full system compromise [1][2][3][4].
Mitigation
Apple addressed this vulnerability in iOS 9.2, OS X El Capitan 10.11.2, tvOS 9.1, and watchOS 2.1. Users should update to the latest versions. No workarounds are documented [1][2][3][4].
- About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks - Apple Support
- About the security content of iOS 9.2 - Apple Support
- About the security content of watchOS 2.1 - Apple Support
- About the security content of tvOS 9.1 - Apple Support
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=9.0
- (no CPE)range: <9.1
- Range: <9.2
- Range: <10.11.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Dec/msg00001.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Dec/msg00002.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlnvdVendor Advisory
- support.apple.com/HT205635nvdVendor Advisory
- support.apple.com/HT205637nvdVendor Advisory
- support.apple.com/HT205640nvdVendor Advisory
- support.apple.com/HT205641nvdVendor Advisory
- www.securityfocus.com/bid/78719nvd
- www.securitytracker.com/id/1034344nvd
News mentions
0No linked articles in our index yet.