[3.5] libplist: Multiple issues (CVE-2017-5209, CVE-2017-5545, CVE-2017-5834, CVE-2017-5835, CVE-2017-5836)ID: oval:org.secpod.oval:def:1800110 | Date: (C)2018-03-28 (M)2021-09-12 |
Class: PATCH | Family: unix |
CVE-2017-5209 The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data. Reference Patch CVE-2017-5545 The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via Apple Property List data that is too short. Reference Patch CVE-2017-5834: heap-buffer-overflow in parse_dict_node Reference Patch CVE-2017-5835: memory allocation error Reference Patch CVE-2017-5836: issue in plist_free_data plist.c:185 Reference Patch
Platform: |
Alpine Linux 3.5 |