Skip to main content

Xcode CVE-2015-7057

MEDIUM
Buffer Overflow (CWE-119)
2015-12-11 product-security@apple.com
4.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 11, 2015 - 11:59 cve.org
MEDIUM 4.6

DescriptionCVE.org

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.

AnalysisAI

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. Affected products include: Apple Xcode. Version information: before 7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Xcode

View all
CVE-2017-7529 HIGH
7.5 Jul 13

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range fi

CVE-2016-0742 HIGH
7.5 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid

CVE-2025-48384 HIGH
8.0 Jul 08

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to e

CVE-2021-21300 HIGH POC
7.5 Mar 09

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotel

CVE-2014-6394 HIGH POC
7.5 Oct 08

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the docu

CVE-2016-0746 CRITICAL
9.8 Feb 15

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attacke

CVE-2019-14379 CRITICAL
9.8 Jul 29

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (becau

CVE-2018-4164 CRITICAL
9.8 Apr 03

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2016-0747 MEDIUM
5.3 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote

CVE-2022-39260 HIGH
8.8 Oct 19

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability

CVE-2019-8724 HIGH
8.8 Dec 18

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (C

CVE-2019-8723 HIGH
8.8 Dec 18

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (C

Share

CVE-2015-7057 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy