Resource Management Errors Affecting libplist package, versions >=0.0.0

Attack Complexity

Low
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-COCOAPODS-LIBPLIST-534506
published

2 Oct 2019
disclosed

20 Jan 2017
credit

Wang Junjie

Report a new vulnerability Found a mistake?

Introduced: 20 Jan 2017

CVE-2017-5835 Open this link in a new tab CWE-399 Open this link in a new tab

How to fix?

There is no fixed version for libplist.

Overview

libplist is a library to handle Apple Property List format in binary or XML

Affected versions of this package are vulnerable to Resource Management Errors. It allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

References

GitHub Issue
OSS security Advisory
Security Focus

Resource Management Errors Affecting libplist package, versions >=0.0.0

Attack Complexity

Availability

snyk-id

published

disclosed

credit

Introduced: 20 Jan 2017

How to fix?

Overview

References