The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95385 | Third Party Advisory VDB Entry |
https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957 | Patch |
https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html |
Configurations
History
No history.
Information
Published : 2017-01-11 16:59
Updated : 2024-02-28 15:44
NVD link : CVE-2017-5209
Mitre link : CVE-2017-5209
CVE.ORG link : CVE-2017-5209
JSON object : View
Products Affected
libimobiledevice
- libplist
CWE
CWE-125
Out-of-bounds Read