oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: multiples vulnerabilities in libplist

From: <nikola.sc () keemail me>
Date: Tue, 31 Jan 2017 15:09:58 +0100 (CET)
Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using 
vulnerable versions.https://github.com/libimobiledevice/libplist
Public issues:heap-buffer-overflow in parse_dict_node
https://github.com/libimobiledevice/libplist/issues/89
memory allocation errorhttps://github.com/libimobiledevice/libplist/issues/88

heap-buffer-overflow CVE-2017-5545 used in
https://github.com/libimobiledevice/libplist/issues/87

issue in plist_free_data plist.c:185
https://github.com/libimobiledevice/libplist/issues/86

Regards, Nikola
--
Nikola s.c
Previous By Date Next
Previous By Thread Next

Current thread: