{"id":"CVE-2017-5209","details":"The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.","modified":"2026-04-16T01:44:48.917096733Z","published":"2017-01-11T16:59:00.377Z","related":["SUSE-SU-2017:1368-1","SUSE-SU-2017:1379-1","openSUSE-SU-2024:10970-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95385"},{"type":"FIX","url":"https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libimobiledevice/libplist","events":[{"introduced":"0"},{"fixed":"3a55ddd3c4c11ce75a86afbefd085d8d397ff957"}]}],"versions":["1.10","1.11","1.12","1.4","1.5","1.6","1.7","1.8","1.9","libplist_rc1","libplist_rc2","v0.10","v0.11","v0.12","v0.13","v0.14","v0.15","v0.16","v0.8","v0.9","v1.0","v1.1","v1.2","v1.3"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"164416114173449785052596918650529102812","length":729},"id":"CVE-2017-5209-1b04a25d","target":{"function":"base64decode_block","file":"src/base64.c"},"source":"https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"314486086675054524749796715941231905944","length":658},"id":"CVE-2017-5209-d3630cbf","target":{"function":"base64decode","file":"src/base64.c"},"source":"https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["239040744115479419632818748228030113667","239151059618535891206466436112546525001","97731862824062919057308455431344175598","30650512705403105896667223673607359730","291838965193715168448917716115053422315","308863945989836193210279606555966994293","34314351547154017379610223230261482821","310557289465673334055352687656249057299","180959000069098339479882196497212630791","59322325731085695585244485288401991679","275261879230748627463257519375964553283","164800063748490629613931335506483790310","219251704469664386360402229855305694118","168275799113560374954757021975714952282","265004936740479649998405059790892969353","194583676181820308939854176457239894274","315259718620221101545167140023066991205","149573202446606088192324053300999467379","337559915995281451340440391372121075160","305629769045226625454616343998526143001","174571737920233305568737932226433314494","279645789977165795203969079161932872034","278734323335013723831670581492624244476","79368994530777510680142188368159762177","234855901578990834872306046388906378983","155900340092001441691623585699145184240","124136027867016086000070617565358360953","187791034021908587935874648234331712886","279960807316640387088164946547967777483","76768202509037647150108493931852435429","314003989143080662758158254980281836307","24925598576850167784793979386230326316","125833897800010338204847699667352917373","22223243848124637780017599837192504900","8626409113061232740650840249896403346","22393312180091040974105257849429511749","247405529704144462619662123274660164632","137547322009934543442132452812063134655","60324518364767997232863300755430803103","61292131773657112856981355300560320840","149291392303292719765607095266975288724","103308908888133779983489287072541978635","12255389452065962405750623661642883889","130553747984377306629957231891779762062","162582290999820086271282860898160120395","122298633604160890822172102234022981734","26611477329444989863547466171604912988","278331190281788673533426845412863501092","114128912607050934920504135266173650364","200674945667808137895837401813019301785"],"threshold":0.9},"id":"CVE-2017-5209-dc023237","target":{"file":"src/base64.c"},"source":"https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5209.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}