CVE-2017-5835 in Ubuntu

CVE-2017-5835

Priority

Description

libplist allows attackers to cause a denial of service (large memory
allocation and crash) via vectors involving an offset size of zero.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
https://marc.info/?l=oss-security&m=148601478217591&w=2

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854000
https://github.com/libimobiledevice/libplist/issues/88

Notes

Package

Source: libplist (LP Ubuntu Debian)

Upstream:	released (1.12+git+1+e37ca00-0.1)
Ubuntu 18.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 20.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 21.10:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 16.04 ESM:	needed
Ubuntu 22.04 LTS:	not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Upstream:

https://github.com/libimobiledevice/libplist/commit/26061aac4ec75e7a4469a9aab9a424716223e5c4

More Information

Updated: 2022-04-25 00:21:44 UTC (commit ecc1009cb19540b950de59270950018900f37f15)