The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
[ { "source": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee", "deprecated": false, "target": { "file": "tools/plistutil.c", "function": "main" }, "digest": { "function_hash": "215229012858047104723625881649240712316", "length": 1186.0 }, "id": "CVE-2017-5545-19a8f293", "signature_type": "Function", "signature_version": "v1" }, { "source": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee", "deprecated": false, "target": { "file": "tools/plistutil.c" }, "digest": { "line_hashes": [ "258948382834452506214063809245523802752", "186610564183792996153831494707095801239", "146331972165227783761996204000359528502", "151150956876872385014408689861877055924" ], "threshold": 0.9 }, "id": "CVE-2017-5545-b73054cd", "signature_type": "Line", "signature_version": "v1" } ]