{"id":"CVE-2017-5545","details":"The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.","modified":"2026-02-14T07:15:31.112215Z","published":"2017-01-21T01:59:00.170Z","related":["MGASA-2018-0025","SUSE-SU-2017:1368-1","SUSE-SU-2017:1379-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95702"},{"type":"ADVISORY","url":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"},{"type":"ADVISORY","url":"https://github.com/libimobiledevice/libplist/issues/87"},{"type":"REPORT","url":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"},{"type":"REPORT","url":"https://github.com/libimobiledevice/libplist/issues/87"},{"type":"FIX","url":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"},{"type":"FIX","url":"https://github.com/libimobiledevice/libplist/issues/87"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libimobiledevice/libplist","events":[{"introduced":"0"},{"fixed":"7391a506352c009fe044dead7baad9e22dd279ee"}]}],"versions":["1.10","1.11","1.12","1.4","1.5","1.6","1.7","1.8","1.9","libplist_rc1","libplist_rc2","v0.10","v0.11","v0.12","v0.13","v0.14","v0.15","v0.16","v0.8","v0.9","v1.0","v1.1","v1.2","v1.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5545.json","vanir_signatures":[{"signature_type":"Function","source":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee","digest":{"length":1186,"function_hash":"215229012858047104723625881649240712316"},"id":"CVE-2017-5545-19a8f293","target":{"function":"main","file":"tools/plistutil.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","source":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee","digest":{"threshold":0.9,"line_hashes":["258948382834452506214063809245523802752","186610564183792996153831494707095801239","146331972165227783761996204000359528502","151150956876872385014408689861877055924"]},"id":"CVE-2017-5545-b73054cd","target":{"file":"tools/plistutil.c"},"deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}