CVE-2017-2920

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-2920
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-2920
Downstream
Related
Published
2017-10-05T19:29:00.260Z
Modified
2025-11-20T10:40:17.290392Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.

References

Affected packages

Git / github.com/libofx/libofx

Affected ranges

Type
GIT
Repo
https://github.com/libofx/libofx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.6.0
0.6.3
0.6.4
0.6.5
0.6.6
0.7.0
0.8.0
0.8.2
0.8.3
0.9.0
0.9.1
0.9.10
0.9.11
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "lib/ofx_preproc.cpp"
        },
        "source": "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d",
        "signature_version": "v1",
        "id": "CVE-2017-2920-4c6893f2"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 1877.0,
            "function_hash": "303257040110567730191986962881935780498"
        },
        "target": {
            "file": "lib/ofx_preproc.cpp",
            "function": "sanitize_proprietary_tags"
        },
        "source": "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d",
        "signature_version": "v1",
        "id": "CVE-2017-2920-b71b75ac"
    }
]