Libimobiledevice : Security Vulnerabilities, CVEs, Published In 2017 (Denial of service)
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
Max CVSS
5.5
EPSS Score
0.20%
Published
2017-04-20
Updated
2020-04-02
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
Max CVSS
7.5
EPSS Score
0.26%
Published
2017-03-03
Updated
2017-03-07
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
Max CVSS
7.5
EPSS Score
0.32%
Published
2017-03-03
Updated
2019-10-03
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
Max CVSS
5.5
EPSS Score
0.17%
Published
2017-03-03
Updated
2017-03-07
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
Max CVSS
9.1
EPSS Score
0.34%
Published
2017-01-21
Updated
2020-04-02
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
Max CVSS
9.1
EPSS Score
0.28%
Published
2017-01-11
Updated
2020-04-02
6 vulnerabilities found