Libimobiledevice : Security Vulnerabilities, CVEs, CVSS score >= 7
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
Max CVSS
7.5
EPSS Score
0.26%
Published
2017-03-03
Updated
2017-03-07
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
Max CVSS
7.5
EPSS Score
0.32%
Published
2017-03-03
Updated
2019-10-03
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
Max CVSS
9.1
EPSS Score
0.34%
Published
2017-01-21
Updated
2020-04-02
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
Max CVSS
9.1
EPSS Score
0.28%
Published
2017-01-11
Updated
2020-04-02
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
Max CVSS
9.8
EPSS Score
0.15%
Published
2023-02-21
Updated
2024-04-11
5 vulnerabilities found