ofxprocfile in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libofx6", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "ofx", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-14731.json"