Description
An exploitable buffer overflow vulnerability exists in the tag parsing
functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a
write out of bounds resulting in a buffer overflow on the stack. An
attacker can construct a malicious OFX file to trigger this
vulnerability (CVE-2017-2816).
An exploitable buffer overflow vulnerability exists in the tag parsing
functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a
write out of bounds resulting in a buffer overflow on the stack. An
attacker can construct a malicious OFX file to trigger this
vulnerability (CVE-2017-2920).
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file, as demonstrated by an ofxdump
call (CVE-2017-14731).