Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2017-5209

Published: 11/01/2017 Updated: 02/04/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Libplist

Vulnerability Summary

The base64decode function in base64.c in libimobiledevice libplist up to and including 1.12 allows malicious users to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libimobiledevice libplist

Vendor Advisories

Debian CVElist Bug Report Logs: libplist: CVE-2017-5545
Debian Bug report logs - #852385 libplist: CVE-2017-5545 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 Jan 2017 05:48:02 UTC Severity: grave Tags: fixed-upstream, patch, security, ...
Debian CVElist Bug Report Logs: libplist: CVE-2017-5209
Debian Bug report logs - #851196 libplist: CVE-2017-5209 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 12 Jan 2017 21:15:01 UTC Severity: grave Tags: fixed-upstream, patch, security, ...
Debian CVElist Bug Report Logs: CVE-2017-5834 CVE-2017-5835 CVE-2017-5836
Debian Bug report logs - #854000 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 2 Feb 2017 22:21:02 UTC Severity: grave Tags: security, upstream ...
Red Hat: CVE-2017-5209
The base64decode function in base64c in libimobiledevice libplist through 112 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data ...
Arch Linux Issues:
The base64decode function in base64c in libimobiledevice libplist through 112 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data ...

References

CWE-125https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957http://www.securityfocus.com/bid/95385https://lists.debian.org/debian-lts-announce/2020/04/msg00002.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852385
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook