Type Services

CVEs (11)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4779	Apple Inc. OS X	Hig	0.51	7.8	0.02	Sep 25, 2016	Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2016-1797	Apple Inc. Type Services	Hig	0.51	7.8	0.02	May 20, 2016	Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
CVE-2015-6985	Apple Inc. OS X		0.00	—	0.02	Oct 23, 2015	Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.
CVE-2015-3680	Apple Inc. OS X		0.00	—	0.03	Jul 3, 2015	Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682.
CVE-2011-0198	Apple Inc. Mac OS X		0.00	—	0.04	Jun 24, 2011	Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
CVE-2011-0175	Apple Inc. Mac OS X		0.00	—	0.03	Mar 23, 2011	Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
CVE-2010-1808	Apple Inc. Mac OS X		0.00	—	0.03	Aug 25, 2010	Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
CVE-2009-0154	Apple Inc. Mac OS X		0.00	—	0.06	May 13, 2009	Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
CVE-2008-2305	Apple Inc. Mac OS X		0.00	—	0.05	Sep 16, 2008	Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2008-1575	Apple Inc. Mac OS X		0.00	—	0.06	Jun 2, 2008	Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
CVE-2006-4398	Apple Inc. Mac OS X		0.00	—	0.01	Nov 30, 2006	Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.

CVE-2016-4779HigSep 25, 2016
Apple Inc.
OS X
risk 0.51cvss 7.8epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2016-1797HigMay 20, 2016
Apple Inc.
Type Services
risk 0.51cvss 7.8epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
CVE-2015-6985Oct 23, 2015
Apple Inc.
OS X
risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.
CVE-2015-3680Jul 3, 2015
Apple Inc.
OS X
risk 0.00cvss —epss 0.03
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682.
CVE-2011-0198Jun 24, 2011
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
CVE-2011-0175Mar 23, 2011
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.03
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
CVE-2010-1808Aug 25, 2010
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.03
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
CVE-2009-0154May 13, 2009
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.06
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
CVE-2008-2305Sep 16, 2008
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2008-1575Jun 2, 2008
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.06
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
CVE-2006-4398Nov 30, 2006
Apple Inc.
Mac OS X
risk 0.00cvss —epss 0.01
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.