The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Denial Of Service
Apple
Information Disclosure
Libplist
NVD
GitHub
VulDB
CVSS 3.0
9.1
EPSS
0.4%