Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 Jan 2017 15:09:58 +0100 (CET)
From:  <nikola.sc@...mail.me>
To:  <oss-security@...ts.openwall.com>
Subject: CVE request: multiples vulnerabilities in libplist

Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using vulnerable versions.https://github.com/libimobiledevice/libplist
Public issues:heap-buffer-overflow in parse_dict_node
https://github.com/libimobiledevice/libplist/issues/89
memory allocation errorhttps://github.com/libimobiledevice/libplist/issues/88

heap-buffer-overflow CVE-2017-5545 used in
https://github.com/libimobiledevice/libplist/issues/87

issue in plist_free_data plist.c:185
https://github.com/libimobiledevice/libplist/issues/86

Regards, Nikola
--
Nikola s.c

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ