A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
CVSS Details
- CVSS 3.1 Base Score: 5.5
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-libplistamazon-linux-ami-2-upgrade-libplist-debuginfoamazon-linux-ami-2-upgrade-libplist-develamazon-linux-ami-2-upgrade-libplist-python | Jun 6, 2023 | Feb 21, 2023 | |
| Huawei Euleros 2_0_sp5 | huawei-euleros-2_0_sp5-upgrade-libplist | Feb 12, 2024 | Feb 21, 2023 | |
| Redhat_linux | — | no-fix-redhat-rpm-package | Jul 9, 2025 | Feb 21, 2023 |
| Suse | — | suse-upgrade-libplist-3suse-upgrade-libplist-develsuse-upgrade-libplist3 | Aug 9, 2024 | Feb 21, 2023 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub