Libplist Security Vulnerabilities
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It ...
9.8CVSS
9.4AI Score
0.002EPSS
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
9.1CVSS
8.2AI Score
0.004EPSS
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
9.1CVSS
8.2AI Score
0.003EPSS
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
5.5CVSS
6.4AI Score
0.002EPSS
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
7.5CVSS
7.8AI Score
0.003EPSS
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
7.5CVSS
7.7AI Score
0.003EPSS
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
5.5CVSS
6.7AI Score
0.002EPSS