Vulnerability Details CVE-2017-14731
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/libofx/libofx/issues/10
- https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html
- https://security.gentoo.org/glsa/201908-26
- https://github.com/libofx/libofx/issues/10
- https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html
- https://security.gentoo.org/glsa/201908-26
Products affected by CVE-2017-14731
-
cpe:2.3:a:libofx_project:libofx:0.9.12