The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.
{
"cpe": "cpe:2.3:a:libplist_project:libplist:1.12:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.12"
},
{
"last_affected": "1.12"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"166617824543065401546292462610535510105",
"151939609487479776985276108744903120935",
"24133642741013801621014912325641290436",
"37113499254304029301144506171486364652"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2017-6435-15f9e459",
"target": {
"file": "src/bplist.c"
}
},
{
"source": "https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "131114131073426878372943962157941285538",
"length": 355.0
},
"deprecated": false,
"id": "CVE-2017-6435-c2e66383",
"target": {
"function": "parse_string_node",
"file": "src/bplist.c"
}
}
]
"2026-07-08T16:53:09Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6435.json"