CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6438

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.3%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 4.4

References

http://www.securityfocus.com/bid/97281
https://github.com/libimobiledevice/libplist/issues/98
http://www.securityfocus.com/bid/97281
https://github.com/libimobiledevice/libplist/issues/98

Products affected by CVE-2017-6438

Libplist Project » Libplist » Version: 1.12

cpe:2.3:a:libplist_project:libplist:1.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6438

Products

Pricing

Contact Us