libofx

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description API for the OFX banking standard
Version 0.10.9-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-536 0.9.12-1 0.9.13-1 Medium Fixed FS#56544
AVG-534 0.9.11-1 0.9.12-1 Medium Fixed FS#56539
Issue Group Severity Remote Type Description
CVE-2017-14731 AVG-536 Medium Yes Denial of service
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash)...
CVE-2017-2816 AVG-534 Medium Yes Arbitrary code execution
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of...

Advisories

Date Advisory Group Severity Type
20 May 2018 ASA-201805-19 AVG-536 Medium denial of service
02 Dec 2017 ASA-201712-3 AVG-534 Medium arbitrary code execution