PatchSiren

Libimobiledevice CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Libimobiledevice CVE published 2017-03-03

CVE-2017-5836

CVE-2017-5836 is a high-severity memory-management flaw in libplist that can cause a crash. The issue is described as an invalid free in plist_free_data when an integer node is treated as a PLIST_KEY. For defenders, the main concern is service availability rather than data theft or code execution.

HIGH Libimobiledevice CVE published 2017-03-03

CVE-2017-5835

CVE-2017-5835 is a denial-of-service issue in libplist that can cause a large memory allocation and a crash via attack vectors involving an offset size of zero. NVD assigns the issue a CVSS 3.0 score of 7.5 (HIGH) and maps it to CWE-770, indicating uncontrolled resource consumption. The available references include upstream mailing list threads and a GitHub issue tied to the libplist project, which suppo [truncated]

MEDIUM Libimobiledevice CVE published 2017-03-03

CVE-2017-5834

CVE-2017-5834 is a denial-of-service vulnerability in libplist’s bplist parser. A crafted file can trigger an out-of-bounds heap read in parse_dict_node() within bplist.c, causing a crash. The published CVSS vector rates it as local, user-interaction required, and availability-impacting only.

CRITICAL Libimobiledevice CVE published 2017-01-21

CVE-2017-5545

CVE-2017-5545 is a critical out-of-bounds read in libplist’s plistutil.c main function, affecting libplist through version 1.12. According to NVD and the CVE record, too-short Apple Property List input can trigger a buffer over-read, which may disclose sensitive process memory or crash the affected process. The CVE was published on 2017-01-21; the 2026 modification date reflects record updates, not the or [truncated]