cvelistv5 - cve-2014-9495

CVE-2014-9495 (GCVE-0-2014-9495)

Vulnerability from cvelistv5

Published

2015-01-10 19:00

Modified

2025-06-09 15:16

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Summary

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/01/04/3	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/71820	vdb-entry, x_refsource_BID
	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	vendor-advisory, x_refsource_APPLE
	https://support.apple.com/HT206167	x_refsource_CONFIRM
	http://sourceforge.net/p/png-mng/mailman/message/33173461/	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/01/10/1	mailing-list, x_refsource_MLIST
	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/01/10/3	mailing-list, x_refsource_MLIST
	http://sourceforge.net/p/png-mng/mailman/message/33172831/	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1031444	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/62725	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
          },
          {
            "name": "71820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71820"
          },
          {
            "name": "APPLE-SA-2016-03-21-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206167"
          },
          {
            "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
          },
          {
            "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
          },
          {
            "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
          },
          {
            "name": "1031444",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031444"
          },
          {
            "name": "62725",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62725"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2014-9495",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:14:59.794156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:16:20.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
        },
        {
          "name": "71820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71820"
        },
        {
          "name": "APPLE-SA-2016-03-21-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206167"
        },
        {
          "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
        },
        {
          "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
        },
        {
          "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
        },
        {
          "name": "1031444",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031444"
        },
        {
          "name": "62725",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62725"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
            },
            {
              "name": "71820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71820"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT206167",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
              "refsource": "MLIST",
              "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
            },
            {
              "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
            },
            {
              "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
              "refsource": "MLIST",
              "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
            },
            {
              "name": "1031444",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031444"
            },
            {
              "name": "62725",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62725"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9495",
    "datePublished": "2015-01-10T19:00:00.000Z",
    "dateReserved": "2015-01-03T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:16:20.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-106

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	N/A	tvOS versions antérieures à 9.2 pour Apple TV (4ème génération)
Apple	N/A	OS X El Capitan 10.11.x versions antérieures à 10.11.4
Apple	N/A	iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents
Apple	N/A	watchOS versions antérieures à 2.2
Apple	N/A	OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures
Apple	N/A	Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures
Apple	N/A	OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	Safari	Safari versions antérieures à 9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206173 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206169 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206168 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206171 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206166 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206172 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206167 du 21 mars 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
    },
    {
      "name": "CVE-2016-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
    },
    {
      "name": "CVE-2016-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
    },
    {
      "name": "CVE-2016-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
    },
    {
      "name": "CVE-2016-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
    },
    {
      "name": "CVE-2016-1748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
    },
    {
      "name": "CVE-2016-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
    },
    {
      "name": "CVE-2016-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
    },
    {
      "name": "CVE-2016-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
    },
    {
      "name": "CVE-2016-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
    },
    {
      "name": "CVE-2016-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
    },
    {
      "name": "CVE-2016-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
    },
    {
      "name": "CVE-2016-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
    },
    {
      "name": "CVE-2016-1719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-1727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2015-3184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
    },
    {
      "name": "CVE-2015-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
    },
    {
      "name": "CVE-2016-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
    },
    {
      "name": "CVE-2016-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
    },
    {
      "name": "CVE-2016-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
    },
    {
      "name": "CVE-2016-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
    },
    {
      "name": "CVE-2016-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
    },
    {
      "name": "CVE-2016-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
    },
    {
      "name": "CVE-2016-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2016-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
    },
    {
      "name": "CVE-2015-3187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
    },
    {
      "name": "CVE-2016-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
    },
    {
      "name": "CVE-2016-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2016-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
    },
    {
      "name": "CVE-2009-2197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
    },
    {
      "name": "CVE-2016-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
    },
    {
      "name": "CVE-2016-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
    },
    {
      "name": "CVE-2016-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
    },
    {
      "name": "CVE-2016-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
    },
    {
      "name": "CVE-2016-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
    },
    {
      "name": "CVE-2016-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
    },
    {
      "name": "CVE-2016-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
    },
    {
      "name": "CVE-2016-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
    },
    {
      "name": "CVE-2014-9495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-7942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
    },
    {
      "name": "CVE-2015-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
    },
    {
      "name": "CVE-2015-8126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
    },
    {
      "name": "CVE-2016-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
    },
    {
      "name": "CVE-2016-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2016-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
    },
    {
      "name": "CVE-2016-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
    },
    {
      "name": "CVE-2016-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
    },
    {
      "name": "CVE-2016-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
    },
    {
      "name": "CVE-2016-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
    },
    {
      "name": "CVE-2016-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
    },
    {
      "name": "CVE-2016-1724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-8659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
    },
    {
      "name": "CVE-2016-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
    },
    {
      "name": "CVE-2016-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
    },
    {
      "name": "CVE-2016-1732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
    },
    {
      "name": "CVE-2016-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
    },
    {
      "name": "CVE-2016-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
    },
    {
      "name": "CVE-2016-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
    },
    {
      "name": "CVE-2016-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
    },
    {
      "name": "CVE-2016-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
    },
    {
      "name": "CVE-2016-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
    },
    {
      "name": "CVE-2016-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
    },
    {
      "name": "CVE-2016-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
    },
    {
      "name": "CVE-2015-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
    },
    {
      "name": "CVE-2016-1722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
    },
    {
      "name": "CVE-2015-0973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
    },
    {
      "name": "CVE-2016-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
    },
    {
      "name": "CVE-2016-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
    },
    {
      "name": "CVE-2015-7551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
    },
    {
      "name": "CVE-2016-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
    },
    {
      "name": "CVE-2016-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
    },
    {
      "name": "CVE-2016-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
    },
    {
      "name": "CVE-2015-8472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
    },
    {
      "name": "CVE-2016-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
    },
    {
      "name": "CVE-2016-1726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
    },
    {
      "name": "CVE-2016-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2016-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
    }
  ],
  "initial_release_date": "2016-03-22T00:00:00",
  "last_revision_date": "2016-03-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206173"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206169"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206166"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206172"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206167"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-9495 (GCVE-0-2014-9495)

Vulnerability from cvelistv5

CERTFR-2016-AVI-106

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature