CVE-2017-7982

Priority
Medium
Description
Integer overflow in the plist_from_bin function in bplist.c in
libimobiledevice/libplist before 2017-04-19 allows remote attackers to
cause a denial of service (heap-based buffer over-read and application
crash) via a crafted plist file.
Notes
 leosilva> the fix for this CVE needs a backport that may introduce undesired code
Assigned-to
leosilva
Package
Upstream: released (1.12+git+1+e37ca00-0.3)
Ubuntu 17.10 (Artful Aardvark): not-affected (1.12+git+1+e37ca00-0.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.10-1ubuntu0.1)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.12-3.1ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus): released (1.12-3.1ubuntu0.17.04.1)
Patches:
Upstream: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
Updated: 2017-09-25 21:14:16 UTC (commit 13399)