[3.6] libplist: Multiple issues (CVE-2017-5209, CVE-2017-5545, CVE-2017-5834, CVE-2017-5835, CVE-2017-5836)
The base64decode function in base64.c in libimobiledevice libplist
through 1.12 allows attackers to obtain sensitive information
from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
The main function in plistutil.c in libimobiledevice libplist through
1.12 allows attackers to obtain sensitive information from process
memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
CVE-2017-5834: heap-buffer-overflow in parse_dict_node
CVE-2017-5835: memory allocation error
CVE-2017-5836: issue in plist_free_data plist.c:185
(from redmine: issue id 6899, created on 2017-02-20, closed on 2017-06-29)
- parent #6898 (closed)
- Revision d2b9ac4f by Natanael Copa on 2017-05-31T14:10:29Z:
community/libplist: security upgrade to 2.0.0 CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 This seems to be an update that is ABI compatible, and only kodi uses is. fixes #6899