CVE-2017-5209 in Ubuntu

CVE-2017-5209

Priority

Description

The base64decode function in base64.c in libimobiledevice libplist through
1.12 allows attackers to obtain sensitive information from process memory
or cause a denial of service (buffer over-read) via split encoded Apple
Property List data.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851196
https://github.com/libimobiledevice/libplist/issues/84

Notes

Package

Source: libplist (LP Ubuntu Debian)

Upstream:	released (1.12+git+1+e37ca00-0.1)
Ubuntu 18.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 20.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 21.10:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 16.04 ESM:	needed
Ubuntu 22.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Upstream:

https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957

More Information

Updated: 2022-04-25 00:21:34 UTC (commit ecc1009cb19540b950de59270950018900f37f15)