CVE-2015-7057
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.
Known Affected Software
55 configuration(s) from 1 vendor(s)
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
xcode
Version:
7.1
CPE:
cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
xcode
Version:
4.0
CPE:
cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
xcode
Version:
4.0.1
CPE:
cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
xcode
Version:
3.1.1
CPE:
cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
xcode
Version:
1.5.0
CPE:
cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
xcode
Version:
4.6
CPE:
cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
xcode
Version:
4.2
CPE:
cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
xcode
Version:
4.3.3
CPE:
cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
xcode
Version:
7.1.1
CPE:
cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
xcode
Version:
5.1
CPE:
cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
xcode
Version:
4.6.3
CPE:
cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
xcode
Version:
2.3.0
CPE:
cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
xcode
Version:
6.1
CPE:
cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
xcode
Version:
4.3.2
CPE:
cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
xcode
Version:
6.3.1
CPE:
cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
xcode
Version:
2.0.0
CPE:
cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
xcode
Version:
2.4.0
CPE:
cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
xcode
Version:
6.3
CPE:
cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
xcode
Version:
3.2.2
CPE:
cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
xcode
Version:
2.1.0
CPE:
cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
xcode
Version:
3.2.1
CPE:
cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
xcode
Version:
3.2.4
CPE:
cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
xcode
Version:
4.3.1
CPE:
cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
xcode
Version:
7.0
CPE:
cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
xcode
Version:
3.2.3
CPE:
cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
xcode
Version:
5.0.1
CPE:
cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
xcode
Version:
5.0.2
CPE:
cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.3
CPE:
cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
xcode
Version:
7.0.1
CPE:
cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
xcode
Version:
6.0
CPE:
cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
xcode
Version:
5.1.1
CPE:
cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
xcode
Version:
4.6.2
CPE:
cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
xcode
Version:
4.6.1
CPE:
cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
xcode
Version:
6.3.2
CPE:
cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
xcode
Version:
3.1.2
CPE:
cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
xcode
Version:
4.2.1
CPE:
cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
xcode
Version:
4.4.1
CPE:
cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
xcode
Version:
4.3
CPE:
cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
xcode
Version:
4.5.2
CPE:
cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
xcode
Version:
4.5
CPE:
cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
xcode
Version:
3.1
CPE:
cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
xcode
Version:
4.1.1
CPE:
cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
xcode
Version:
6.2
CPE:
cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
xcode
Version:
2.2.0
CPE:
cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
xcode
Version:
4.5.1
CPE:
cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
xcode
Version:
4.4
CPE:
cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
xcode
Version:
2.4.1
CPE:
cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
xcode
Version:
3.2.5
CPE:
cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
xcode
Version:
4.1
CPE:
cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
xcode
Version:
5.0
CPE:
cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
xcode
Version:
6.4
CPE:
cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
xcode
Version:
6.0.1
CPE:
cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
xcode
Version:
4.0.2
CPE:
cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.4
CPE:
cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
This vulnerability affects 55 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.htmlproduct-security@apple.com Vendor Advisory
-
http://www.securitytracker.com/id/1034340product-security@apple.com
-
https://support.apple.com/HT205642product-security@apple.com Vendor Advisory
-
http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.securitytracker.com/id/1034340af854a3a-2127-422b-91ae-364da2661108
-
https://support.apple.com/HT205642af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-119
Top 25 #17
Improper Restriction of Operations within the Bounds of a Memory Buffer
- Description
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- December 11, 2015
