CVE-2014-1254

medium

Published 2014-02-27 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://support.apple.com/kb/HT6150

OS impact

OS	Version	Status
macos		affected
macos	10.8.0	affected
macos	10.8.1	affected
macos	10.8.2	affected
macos	10.8.3	affected
macos	10.8.4	affected
macos	10.8.5	affected
macos	10.9	affected

References

http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6150

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.