Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2816 | 2 Debian, Libofx Project | 2 Debian Linux, Libofx | 2023-01-27 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | |||||
CVE-2019-9656 | 3 Canonical, Debian, Libofx Project | 3 Ubuntu Linux, Debian Linux, Libofx | 2023-01-20 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | |||||
CVE-2017-14731 | 1 Libofx Project | 1 Libofx | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. |