Published: 20/04/2017 Updated: 02/04/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist prior to 2017-04-19 allows remote malicious users to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libimobiledevice libplist

Debian Bug report logs - #860945 libplist: CVE-2017-7982: denial of service (heap-based buffer over-read and application crash) via a crafted plist file Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg&g ...

Libplist could be made to crash if it opened a specially crafted file ...

Integer overflow in the plist_from_bin function in bplistc in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file ...

CWE-190 https://github.com/libimobiledevice/libplist/issues/103 https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860945 https://usn.ubuntu.com/3429-1/https://nvd.nist.gov

CVE-2017-7982

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect