CVE-2015-1098

Published: Apr 10, 2015Modified: May 6, 2026

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

Affected (2)

Products: Apple: Iphone Os, Mac Os X

Apple

2 products

Iphone Os

Mac Os X

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 8.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Before 10.10.3

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: product-security@apple.com

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

Source: product-security@apple.com

Mailing ListVendor Advisory

http://www.securityfocus.com/bid/73984

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032048

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/HT204659

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT204661

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html