CVE-2015-10082: 
Linux Red Hat vulnerability analysis and mitigation

A vulnerability classified as problematic was discovered in UIKit0 libplist version 1.12, specifically affecting the plistfromxml function in the src/xplist.c file of the XML Handler component. The vulnerability was disclosed on February 21, 2023, and is tracked as CVE-2015-10082. The issue relates to improper handling of XML external entity references (NVD).

The vulnerability stems from improper restriction of XML external entity references in the plistfromxml function. The issue received a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level. A patch was created with commit ID c086cb139af7c82845f6d565e636073ff4b37440 to address this security concern (Github Patch).

The vulnerability could allow an attacker to manipulate XML external entity references, potentially leading to unauthorized access to files or network resources. The exploitation could result in high impacts on confidentiality, integrity, and availability of the affected system (NVD).

The issue has been patched in commit c086cb139af7c82845f6d565e636073ff4b37440. The fix involves disabling external entity loading to prevent XXE vulnerability and implementing additional security measures such as disabling network access during XML parsing. It is recommended to apply this patch to affected systems (Github Patch).