4.3
CVSSv2

CVE-2017-7982

Published: 20/04/2017 Updated: 02/04/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist prior to 2017-04-19 allows remote malicious users to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

Affected Products

Vendor Product Versions
LibimobiledeviceLibplist1.12

Vendor Advisories

Libplist could be made to crash if it opened a specially crafted file ...
Debian Bug report logs - #860945 libplist: CVE-2017-7982: denial of service (heap-based buffer over-read and application crash) via a crafted plist file Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg&g ...
Integer overflow in the plist_from_bin function in bplistc in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file ...
Integer overflow in the plist_from_bin function in bplistc in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file ...