libofx
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | API for the OFX banking standard |
| Version | 0.10.9-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-536 | 0.9.12-1 | 0.9.13-1 | Medium | Fixed | FS#56544 |
| AVG-534 | 0.9.11-1 | 0.9.12-1 | Medium | Fixed | FS#56539 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-14731 | AVG-536 | Medium | Yes | Denial of service | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash)... |
| CVE-2017-2816 | AVG-534 | Medium | Yes | Arbitrary code execution | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 20 May 2018 | ASA-201805-19 | AVG-536 | Medium | denial of service |
| 02 Dec 2017 | ASA-201712-3 | AVG-534 | Medium | arbitrary code execution |