[3.6] libplist: Multiple issues (CVE-2017-5209, CVE-2017-5545, CVE-2017-5834, CVE-2017-5835, CVE-2017-5836)ID: oval:org.secpod.oval:def:1800158 | Date: (C)2018-03-28 (M)2021-09-12 |
Class: PATCH | Family: unix |
CVE-2017-5209: The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data. Reference: Patch: CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via Apple Property List data that is too short. Reference: Patch: CVE-2017-5834: heap-buffer-overflow in parse_dict_node; Reference: Patch: CVE-2017-5835: memory allocation error; Reference: Patch: CVE-2017-5836: issue in plist_free_data plist.c:185; Reference: Patch:
Platform: |
Alpine Linux 3.6 |