ofxprocfile in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
{ "binaries": [ { "binary_name": "libofx-dev", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "libofx-dev-dbgsym", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "libofx-doc", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "libofx6", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "libofx6-dbg", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "libofx6-dbgsym", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "ofx", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" }, { "binary_name": "ofx-dbgsym", "binary_version": "1:0.9.10-1+deb8u1build0.16.04.1" } ], "availability": "No subscription required" }