Advisories ยป MGASA-2018-0214

Updated libofx packages fix security vulnerabilities

Publication date: 30 Apr 2018
Modification date: 30 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-2816 , CVE-2017-2920 , CVE-2017-14731

Description

An exploitable buffer overflow vulnerability exists in the tag parsing
functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a
write out of bounds resulting in a buffer overflow on the stack. An
attacker can construct a malicious OFX file to trigger this
vulnerability (CVE-2017-2816).

An exploitable buffer overflow vulnerability exists in the tag parsing
functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a
write out of bounds resulting in a buffer overflow on the stack. An
attacker can construct a malicious OFX file to trigger this
vulnerability (CVE-2017-2920).

ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file, as demonstrated by an ofxdump
call (CVE-2017-14731).
                

References

SRPMS

6/core