MGASA-2018-0214

Source
https://advisories.mageia.org/MGASA-2018-0214.html
Import Source
https://advisories.mageia.org/MGASA-2018-0214.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0214
Published
2018-04-30T19:08:07Z
Modified
2018-04-30T17:07:41Z
Summary
Updated libofx packages fix security vulnerabilities
Details

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability (CVE-2017-2816).

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability (CVE-2017-2920).

ofxprocfile in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call (CVE-2017-14731).


Affected packages

Mageia:6 / libofx

Package

Name
libofx
Purl
pkg:rpm/mageia/libofx?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.10-2.mga6

Ecosystem specific

{
    "section": "core"
}