Vulnerability Description
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libimobiledevice | Libplist | <= 1.12 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95702Third Party AdvisoryVDB Entry
- https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baaIssue TrackingPatchThird Party Advisory
- https://github.com/libimobiledevice/libplist/issues/87Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
- http://www.securityfocus.com/bid/95702Third Party AdvisoryVDB Entry
- https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baaIssue TrackingPatchThird Party Advisory
- https://github.com/libimobiledevice/libplist/issues/87Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html
FAQ
What is CVE-2017-5545?
CVE-2017-5545 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Appl...
How severe is CVE-2017-5545?
CVE-2017-5545 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5545?
Check the references section above for vendor advisories and patch information. Affected products include: Libimobiledevice Libplist.