Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Libimobiledevice Subscribe
Filtered by product Libplist
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-10082 1 Libimobiledevice 1 Libplist 2023-03-02 N/A 9.8 CRITICAL
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
CVE-2017-7982 1 Libimobiledevice 1 Libplist 2020-04-02 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
CVE-2017-5545 1 Libimobiledevice 1 Libplist 2020-04-02 6.4 MEDIUM 9.1 CRITICAL
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
CVE-2017-5209 1 Libimobiledevice 1 Libplist 2020-04-02 6.4 MEDIUM 9.1 CRITICAL
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
CVE-2017-5835 1 Libimobiledevice 1 Libplist 2019-10-02 5.0 MEDIUM 7.5 HIGH
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
CVE-2017-5836 1 Libimobiledevice 1 Libplist 2017-03-06 5.0 MEDIUM 7.5 HIGH
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
CVE-2017-5834 1 Libimobiledevice 1 Libplist 2017-03-06 4.3 MEDIUM 5.5 MEDIUM
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.