CVE-2017-6438

Name of the Vulnerable Software and Affected Versions libplist version 1.12

Description The issue is related to a heap-based buffer overflow in the parse unicode node function in bplist.c in libimobiledevice libplist. This can be exploited by local users via a crafted plist file, potentially leading to a denial of service (out-of-bounds write) and possibly code execution.

Recommendations For libplist version 1.12, consider updating to a newer version that contains a fix for this issue, as using a crafted plist file can lead to a denial of service and potentially code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.