Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 Jan 2017 15:09:58 +0100 (CET)
From:  <nikola.sc@...mail.me>
To:  <oss-security@...ts.openwall.com>
Subject: CVE request: multiples vulnerabilities in libplist

Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using vulnerable versions.https://github.com/libimobiledevice/libplist
Public issues:heap-buffer-overflow in parse_dict_node
https://github.com/libimobiledevice/libplist/issues/89
memory allocation errorhttps://github.com/libimobiledevice/libplist/issues/88

heap-buffer-overflow CVE-2017-5545 used in
https://github.com/libimobiledevice/libplist/issues/87

issue in plist_free_data plist.c:185
https://github.com/libimobiledevice/libplist/issues/86

Regards, Nikola
--
Nikola s.c

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.