VYPR

libplist

by Libplist

CVEs (3)

  • CVE-2017-5836HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.03

    The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

  • CVE-2017-5835HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.03

    libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

  • CVE-2017-5834MedMar 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.