6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
71.4%
The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (CVE-2017-5209). The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short (CVE-2017-5545). A heap-buffer overflow in parse_dict_node could cause a segmentation fault (CVE-2017-5834). Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU because of a memory allocation error (CVE-2017-5835). A type inconsistency in bplist.c could cause the application to crash (CVE-2017-5836). Crafted plist file could lead to Heap-buffer overflow (CVE-2017-6435). Integer overflow in parse_string_node (CVE-2017-6436). The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file (CVE-2017-6437). Heap-based buffer overflow in the parse_unicode_node function (CVE-2017-6438). Heap-based buffer overflow in the parse_string_node function (CVE-2017-6439). Ensure that sanity checks work on 32-bit platforms (CVE-2017-6440). Add some safety checks, backported from upstream (CVE-2017-7982). The gvfs, ifuse, kodi, libgpod, libimobiledevice, upower, and usbmuxd packages have been rebuilt for the updated libplist.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | libplist | < 1.12-1 | libplist-1.12-1.mga5 |
Mageia | 5 | noarch | gvfs | < 1.22.3-2.2 | gvfs-1.22.3-2.2.mga5 |
Mageia | 5 | noarch | ifuse | < 1.1.3-4.1 | ifuse-1.1.3-4.1.mga5 |
Mageia | 5 | noarch | kodi | < 14.0-2.3 | kodi-14.0-2.3.mga5 |
Mageia | 5 | noarch | libgpod | < 0.8.3-8.2 | libgpod-0.8.3-8.2.mga5 |
Mageia | 5 | noarch | libimobiledevice | < 1.1.6-4.2 | libimobiledevice-1.1.6-4.2.mga5 |
Mageia | 5 | noarch | upower | < 0.99.2-1.2 | upower-0.99.2-1.2.mga5 |
Mageia | 5 | noarch | usbmuxd | < 1.0.9-6.2 | usbmuxd-1.0.9-6.2.mga5 |
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
71.4%