XML External Entity (XXE) Injection
libplist.so is vulnerable to XML External Entity XXE Injection. The vulnerability exists due to the plistfromxml function in xplist.c because external references are not restricted which allows an attacker to use a specifically crafted XML file to issue a request to an arbitrary URL or disclose a...