Denial of Service Vulnerability in libplist's plist_free_data Function

Denial of Service Vulnerability in libplist's plist_free_data Function

CVE-2017-5836 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

Learn more about our Web Application Penetration Testing UK.