CVE-2014-8611
Apple iOS < 9 and macOS < 10.10.5 - Heap-Based Buffer Overflow in stdio __sflush Function
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.
References (6)
Vendor Advisory (vendor-advisory, x_refsource_freebsd): https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
Vendor Advisory (x_refsource_confirm): https://support.apple.com/HT205212
Vendor Advisory (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Various Sources (x_refsource_confirm): https://svnweb.freebsd.org/base?view=revision&revision=275665
Vendor Advisory (x_refsource_confirm): https://support.apple.com/HT205267
Vendor Advisory (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Scores
EPSS: 0.0011
EPSS Percentile: 29.3%
Details
CWE: CWE-119
Status: published
Products (3)
apple/iphone_os: < 8.4.1
apple/mac_os_x: < 10.10.5
freebsd/freebsd: 10.1
Published: Sep 18, 2015
Tracked Since: Feb 18, 2026