CVE-2015-10082

Published: Feb 21, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.

Affected (1)

Products: Libimobiledevice: Libplist

Libimobiledevice

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libimobiledevice Libplist	Version 1.12

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440

Source: cna@vuldb.com

Patch

https://vuldb.com/?ctiid.221499

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.221499

Source: cna@vuldb.com

Permissions Required

https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://vuldb.com/?ctiid.221499

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.221499

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.