
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. It affects the function plist_from_xml in the file src/xplist.c of the XML Handler component. The manipulation leads to an XML external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply the patch to fix this issue.
• https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440 https://vuldb.com/?ctiid.221499 https://vuldb.com/?id.221499
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
• https://github.com/libimobiledevice/libplist/issues/103 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-190: Integer Overflow or Wraparound

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.
• http://www.securityfocus.com/bid/97586 https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56 https://github.com/libimobiledevice/libplist/issues/93 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.
• http://www.securityfocus.com/bid/97290 https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd https://github.com/libimobiledevice/libplist/issues/94 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-20: Improper Input Validation; CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file.
• http://www.securityfocus.com/bid/97278 https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd https://github.com/libimobiledevice/libplist/issues/95 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
• CWE-787: Out-of-bounds Write