XML External Entity (XXE) Injection
libplist.so is vulnerable to XML External Entity (XXE) injection. The vulnerability exists in the plist_from_xml function in xplist.c: external references are not restricted, which allows an attacker to use a specially crafted XML file to issue a request to an arbitrary URL or disclose a...
Denial Of Service (DoS)
libplist.so is susceptible to denial of service (DoS) attacks. The attacks are possible because the data range is not checked, which leads to undefined behavior when an attacker supplies a malicious plist file to the parse_string_node function...