ASA-201805-19 generated external raw

[ASA-201805-19] libofx: denial of service
Arch Linux Security Advisory ASA-201805-19 ========================================== Severity: Medium Date : 2018-05-20 CVE-ID : CVE-2017-14731 Package : libofx Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-536 Summary ======= The package libofx before version 0.9.13-1 is vulnerable to denial of service. Resolution ========== Upgrade to 0.9.13-1. # pacman -Syu "libofx>=0.9.13-1" The problem has been fixed upstream in version 0.9.13. Workaround ========== None. Description =========== ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. Impact ====== A remote attacker is able to cause a denial of service via a specially crafted file. References ========== https://bugs.archlinux.org/task/56544 https://github.com/libofx/libofx/issues/10 https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd https://security.archlinux.org/CVE-2017-14731