CVE-2014-4377

medium

Published 2014-09-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact

OS	Version	Status
macos		affected
macos	6.0	affected
macos	6.0.1	affected
macos	6.0.2	affected
macos	6.1	affected
macos	6.1.1	affected
macos	6.1.2	affected
macos	7.0	affected
macos	7.0.1	affected
macos	7.0.2	affected
macos	7.0.3	affected
macos	7.0.4	affected
macos	7.0.5	affected
macos	7.0.6	affected
macos	7.1	affected
macos	7.1.1	affected

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
http://secunia.com/advisories/61318
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6442
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69903
http://www.securitytracker.com/id/1030866
https://exchange.xforce.ibmcloud.com/vulnerabilities/96076
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
http://secunia.com/advisories/61318
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6442
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69903
http://www.securitytracker.com/id/1030866
https://exchange.xforce.ibmcloud.com/vulnerabilities/96076

CWEs

CWE-189

Verify integrity in audit chain (admin only). AS-IS.