CVE-2017-5836

Source
Severity High
Remote Yes
Type Denial of service
Description
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
Group Package Affected Fixed Severity Status Ticket
AVG-215 libplist 1.12-6 2.0.0-1 High Fixed
Date Advisory Group Package Severity Description
16 May 2017 ASA-201705-18 AVG-215 libplist High multiple issues
References
https://bugzilla.redhat.com/show_bug.cgi?id=1418593