CVE-2014-4377

Apple TVOS < 6.2 - Remote Code Execution via Crafted PDF Document

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4377. PoCs published by feliam, davidmurray.

AI-analyzed exploit summary This repository contains a working exploit PoC for CVE-2014-4377, a heap overflow vulnerability in Apple CoreGraphics. The exploit leverages a crafted PDF file to achieve arbitrary code execution on MobileSafari for iOS 7.1.x.

Description

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Exploits (2)

nomisec WORKING POC 73 stars

by feliam · poc

https://github.com/feliam/CVE-2014-4377

View Code ZIP pw:eip

This repository contains a working exploit PoC for CVE-2014-4377, a heap overflow vulnerability in Apple CoreGraphics. The exploit leverages a crafted PDF file to achieve arbitrary code execution on MobileSafari for iOS 7.1.x.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Apple CoreGraphics on iOS 7.1.x

No auth needed

Prerequisites: Target device running iOS 7.1.x · Ability to deliver a crafted PDF file to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 1 stars

by davidmurray · poc

https://github.com/davidmurray/CVE-2014-4377

View Code ZIP pw:eip

This repository provides a CydiaSubstrate-based fix for CVE-2014-4377, a CoreGraphics memory corruption vulnerability. It references external sources for technical details but does not contain exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Apple CoreGraphics (iOS/macOS)

No auth needed

Prerequisites: None specified

devstral-2 · analyzed Feb 16, 2026 Full analysis →