CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5545
https://notcve.org/view.php?id=CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. La función principal en plistutil.c en libimobiledevice libplist hasta la versión 1.12 permite a atacantes obtener información sensible de la memoria de proceso o provocar una denegación de servicio (sobre lectura del búfer) a través de datos Apple Property List que son demasiado cortos. • http://www.securityfocus.com/bid/95702 https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee https://github.com/libimobiledevice/libplist/issues/87 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5209
https://notcve.org/view.php?id=CVE-2017-5209
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. La función base64decode en base64.c en libimobiledevice libplist hasta la versión 1.12 permite a atacantes obtener información sensible de la memoria de proceso o provocar una denegación de servicio (sobrelectura del búfer) a través de datos split codificados Apple Property List. • http://www.securityfocus.com/bid/95385 https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html • CWE-125: Out-of-bounds Read •