| Summary: | app-pda/libplist: XXE vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | minor | CC: | matthew |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://vuldb.com/?ctiid.221499 | | |
| Whiteboard: | B4 [ebuild] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2023-02-26 17:31:49 UTC
The libplist in tree doesn't use libxml and (for better or for worse) has its own handwritten XML parser.

plist_from_xml: https://github.com/libimobiledevice/libplist/blob/bfc97788f081584ced9cd35d85b69b3fec6b907c/src/xplist.c#L1474-L1487

commit that removes libxml2: https://github.com/libimobiledevice/libplist/commit/392135c7db4d9cb4a14ff5935d7c4c6e21363847 (present since v2.0.0)

I see, thanks!