High severity7.8NVD Advisory· Published Oct 5, 2017· Updated Jun 17, 2026
CVE-2017-2920
CVE-2017-2920
Description
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords4 versionspkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 0.9.9-3.7.1+ 3 more
- (no CPE)range: < 0.9.9-3.7.1
- (no CPE)range: < 0.9.0-3.7.1
- (no CPE)range: < 0.9.9-3.7.1
- (no CPE)range: < 0.9.9-3.7.1
- Talos/Computerinsel Photolinev5Range: 20.02
Patches
Vulnerability mechanics
References
4- github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082dnvdPatchThird Party Advisory
- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427nvdExploitTechnical DescriptionThird Party Advisory
- security.gentoo.org/glsa/201908-26nvdThird Party Advisory
- www.securityfocus.com/bid/101186nvdBroken Link
News mentions
0No linked articles in our index yet.