Skip to main content

Xcode CVE-2016-4705

HIGH
Buffer Overflow (CWE-119)
2016-09-18 product-security@apple.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 18, 2016 - 22:59 cve.org
HIGH 7.8

DescriptionCVE.org

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

AnalysisAI

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704. Affected products include: Apple Xcode. Version information: before 8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Xcode

View all
CVE-2017-7529 HIGH
7.5 Jul 13

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range fi

CVE-2016-0742 HIGH
7.5 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid

CVE-2025-48384 HIGH
8.0 Jul 08

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to e

CVE-2021-21300 HIGH POC
7.5 Mar 09

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotel

CVE-2014-6394 HIGH POC
7.5 Oct 08

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the docu

CVE-2016-0746 CRITICAL
9.8 Feb 15

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attacke

CVE-2019-14379 CRITICAL
9.8 Jul 29

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (becau

CVE-2018-4164 CRITICAL
9.8 Apr 03

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2016-0747 MEDIUM
5.3 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote

CVE-2022-39260 HIGH
8.8 Oct 19

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability

CVE-2019-8724 HIGH
8.8 Dec 18

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (C

CVE-2019-8723 HIGH
8.8 Dec 18

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (C

Share

CVE-2016-4705 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy