Libimobiledevice: Security Vulnerabilities
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-02-21
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-04-20
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-03
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-03-03
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-03-03
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
CVSS Score
9.1
EPSS Score
0.004
Published
2017-01-21
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
CVSS Score
9.1
EPSS Score
0.004
Published
2017-01-11
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
CVSS Score
5.3
EPSS Score
0.007
Published
2016-06-13
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.
CVSS Score
3.3
EPSS Score
0.0
Published
2014-01-19