ASA-201712-3 log generated external raw

[ASA-201712-3] libofx: arbitrary code execution
Arch Linux Security Advisory ASA-201712-3 ========================================= Severity: Medium Date : 2017-12-02 CVE-ID : CVE-2017-2816 Package : libofx Type : arbitrary code execution Remote : Yes Link : Summary ======= The package libofx before version 0.9.12-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 0.9.12-1. # pacman -Syu "libofx>=0.9.12-1" The problem has been fixed upstream in version 0.9.12. Workaround ========== None. Description =========== An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. Impact ====== A remote attacker is able to crash the application, or possibly execute arbitrary code by providing a crafted file. References ==========