CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10082 – UIKit0 libplist XML xplist.c plist_from_xml xml external entity reference
https://notcve.org/view.php?id=CVE-2015-10082
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. • https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440 https://vuldb.com/?ctiid.221499 https://vuldb.com/?id.221499 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7982
https://notcve.org/view.php?id=CVE-2017-7982
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. Desbordamiento de entero en la función plist_from_bin en bplist.c en libimobiledevice/libplist en versiones anteriores a 2017-04-19 permiten a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica y caída de aplicación) a través de un archivo plist manipulado. • https://github.com/libimobiledevice/libplist/issues/103 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5834
https://notcve.org/view.php?id=CVE-2017-5834
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. La función parse_dict_node en bplist.c en libplist permite a atacantes provocar una denegación de servicio (lectura de memoria dinámica fuera de límites y caída) a través de un archivo manipulado. • http://www.openwall.com/lists/oss-security/2017/01/31/6 http://www.openwall.com/lists/oss-security/2017/02/02/4 http://www.securityfocus.com/bid/96022 https://github.com/libimobiledevice/libplist/issues/89 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5835
https://notcve.org/view.php?id=CVE-2017-5835
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. libplist permite a atacantes provocar una denegación de servicio (gran asignación de memoria y caída) a través de vectores que involucran un tamaño de desplazamiento de cero. • http://www.openwall.com/lists/oss-security/2017/01/31/6 http://www.openwall.com/lists/oss-security/2017/02/02/4 http://www.securityfocus.com/bid/96022 https://github.com/libimobiledevice/libplist/issues/88 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5836
https://notcve.org/view.php?id=CVE-2017-5836
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. La función plist_free_data en plist.c en libplist permite a atacantes provocar una denegación de servicio (caída) a través de vectores que involucran un nodo de entero que es tratado como una PLIST_KEY y desencadena entonces una liberación no válida. • http://www.openwall.com/lists/oss-security/2017/01/31/6 http://www.openwall.com/lists/oss-security/2017/02/02/4 http://www.securityfocus.com/bid/96022 https://github.com/libimobiledevice/libplist/issues/86 • CWE-415: Double Free •