VYPR

rpm package

suse/libofx&distro=SUSE Linux Enterprise Desktop 12 SP3

pkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Vulnerabilities (3)

  • CVE-2017-2920HigOct 5, 2017
    affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1

    An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a spe

  • CVE-2017-14731MedSep 25, 2017
    affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1

    ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.

  • CVE-2017-2816HigSep 13, 2017
    affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1

    An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerab