rpm package
suse/libofx&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
pkg:rpm/suse/libofx&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2920 | Hig | 7.8 | < 0.9.9-3.7.1 | 0.9.9-3.7.1 | Oct 5, 2017 | An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a spe | |
| CVE-2017-14731 | Med | 6.5 | < 0.9.9-3.7.1 | 0.9.9-3.7.1 | Sep 25, 2017 | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | |
| CVE-2017-2816 | Hig | 8.8 | < 0.9.9-3.7.1 | 0.9.9-3.7.1 | Sep 13, 2017 | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerab |
- affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a spe
- affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
- affected < 0.9.9-3.7.1fixed 0.9.9-3.7.1
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerab