VYPR
Vendor

Libimobiledevice

Products
4
CVEs
15
Across products
16
Status
Private

Products

4

Recent CVEs

15
  • CVE-2017-5545CriJan 21, 2017
    risk 0.59cvss 9.1epss 0.04

    The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.

  • CVE-2017-5209CriJan 11, 2017
    risk 0.59cvss 9.1epss 0.03

    The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.

  • CVE-2017-5836HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.03

    The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

  • CVE-2017-5835HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.03

    libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

  • CVE-2017-6438HigMar 15, 2017
    risk 0.48cvss 7.3epss 0.01

    Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.

  • CVE-2025-66004MedDec 10, 2025
    risk 0.37cvss 5.7epss 0.00

    A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.

  • CVE-2017-7982MedApr 20, 2017
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

  • CVE-2017-5834MedMar 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.

  • CVE-2016-5104MedJun 13, 2016
    risk 0.35cvss 5.3epss 0.03

    The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

  • CVE-2017-6440MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.00

    The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

  • CVE-2017-6439MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.01

    Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file.

  • CVE-2017-6437MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.00

    The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

  • CVE-2017-6436MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.01

    The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

  • CVE-2017-6435MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.01

    The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.

  • CVE-2013-2142Jan 19, 2014
    risk 0.00cvss epss 0.00

    userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem…