Candidate: CVE-2017-6436
PublicDate: 2017-03-15 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
 https://github.com/libimobiledevice/libplist/issues/94
 https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
Description:
 The parse_string_node function in bplist.c in libimobiledevice libplist
 1.12 allows local users to cause a denial of service (memory allocation
 error) via a crafted plist file.
Ubuntu-Description:
Notes:
 ratliff> introduced during post-1.12 release refactoring of parse_bin_node()
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H [5.0 MEDIUM]

Patches_libplist:
upstream_libplist: released (1.12+git+1+e37ca00-0.1)
precise_libplist: not-affected
trusty_libplist: not-affected
trusty/esm_libplist: DNE (trusty was not-affected)
vivid/stable-phone-overlay_libplist: not-affected
vivid/ubuntu-core_libplist: DNE
xenial_libplist: not-affected
esm-infra/xenial_libplist: not-affected
yakkety_libplist: not-affected
devel_libplist: not-affected