CVE-2014-4377

Apple iOS <8, Apple TV <7 - RCE

Title source: llm

Description

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Exploits (2)

nomisec WORKING POC 73 stars

by feliam · poc

https://github.com/feliam/CVE-2014-4377

View Code ZIP pw:eip

nomisec WRITEUP 1 stars

by davidmurray · poc

https://github.com/davidmurray/CVE-2014-4377

View Code ZIP pw:eip

References (10)

Core 10

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030866

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/61318

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69882

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69903

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6441

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/96076

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6442

Third Party Advisory vendor-advisory x_refsource_apple

http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html

Third Party Advisory vendor-advisory x_refsource_apple

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6443

Scores

EPSS 0.1134

EPSS Percentile 93.6%

Details

CWE

CWE-189

Status published

Products (18)

apple/iphone_os 7.0

apple/iphone_os 7.0.1

apple/iphone_os 7.0.2

apple/iphone_os 7.0.3

apple/iphone_os 7.0.4

apple/iphone_os 7.0.5

apple/iphone_os 7.0.6

apple/iphone_os 7.1

apple/iphone_os 7.1.1

apple/iphone_os < 7.1.2

... and 8 more

Published Sep 18, 2014

Tracked Since Feb 18, 2026