Skip to main content

Libplist CVE-2017-6437

MEDIUM
Out-of-bounds Read (CWE-125)
2017-03-15 cve@mitre.org
5.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 15, 2017 - 14:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

AnalysisAI

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. Affected products include: Libplist Project Libplist.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-6438 HIGH POC
7.3 Mar 15

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5545 CRITICAL
9.1 Jan 21

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive informat

CVE-2017-5209 CRITICAL
9.1 Jan 11

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive inf

CVE-2017-6435 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6436 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6440 MEDIUM POC
5.0 Mar 15

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of servi

CVE-2017-6439 MEDIUM POC
5.0 Mar 15

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5835 HIGH
7.5 Mar 03

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offs

CVE-2017-5836 HIGH
7.5 Mar 03

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors in

CVE-2017-5834 MEDIUM
5.5 Mar 03

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap r

CVE-2017-7982 MEDIUM
5.5 Apr 20

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote

Share

CVE-2017-6437 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy