CVE-2015-7115

MEDIUM

Apple Iphone OS < 9.1 - Memory Corruption

Title source: rule

Description

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.

References (6)

[Mailing List] http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

[Mailing List] http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

[Mailing List] http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

[Vendor Advisory] https://support.apple.com/HT205635

[Vendor Advisory] https://support.apple.com/HT205637

[Vendor Advisory] https://support.apple.com/HT205640

Scores

CVSS v3 4.3

EPSS 0.0083

EPSS Percentile 74.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-119

Status draft

Affected Products (3)

apple/iphone_os < 9.1

apple/mac_os_x < 10.11.0

apple/tvos < 9.0

Timeline

Published Jan 10, 2016

Tracked Since Feb 18, 2026