Candidate: CVE-2017-5545 PublicDate: 2017-01-21 01:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545 Description: The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. Ubuntu-Description: Notes: tyhicks> Affected utility is found in the libplist source package rather than in the libimobiledevice source package sbeattie> also, the affected code is just in the plistutil binary, not in the library itself Bugs: https://github.com/libimobiledevice/libplist/issues/87 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852385 Priority: negligible Discovered-by: Wang Junjie Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H [9.1 CRITICAL] Patches_libplist: upstream: https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee Tags_libplist: universe-binary upstream_libplist: released (1.12+git+1+e37ca00-0.1) precise_libplist: ignored (reached end-of-life) precise/esm_libplist: DNE (precise was needed) trusty_libplist: ignored (reached end-of-life) trusty/esm_libplist: DNE (trusty was needed) vivid/stable-phone-overlay_libplist: ignored (reached end-of-life) vivid/ubuntu-core_libplist: DNE xenial_libplist: ignored (end of standard support, was needed) esm-infra/xenial_libplist: needed yakkety_libplist: ignored (reached end-of-life) zesty_libplist: ignored (reached end-of-life) artful_libplist: not-affected (1.12+git+1+e37ca00-0.3) bionic_libplist: not-affected (1.12+git+1+e37ca00-0.3) cosmic_libplist: not-affected (1.12+git+1+e37ca00-0.3) disco_libplist: not-affected (1.12+git+1+e37ca00-0.3) eoan_libplist: not-affected (1.12+git+1+e37ca00-0.3) focal_libplist: not-affected (1.12+git+1+e37ca00-0.3) groovy_libplist: not-affected (1.12+git+1+e37ca00-0.3) hirsute_libplist: not-affected (1.12+git+1+e37ca00-0.3) impish_libplist: not-affected (1.12+git+1+e37ca00-0.3) jammy_libplist: not-affected (1.12+git+1+e37ca00-0.3) devel_libplist: not-affected (1.12+git+1+e37ca00-0.3)