Vulnerability Details CVE-2019-9656
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/TeamSeri0us/pocs/tree/master/libofx
- https://github.com/libofx/libofx/issues/22
- https://lists.debian.org/debian-lts-announce/2019/11/msg00021.html
- https://usn.ubuntu.com/4523-1/
- https://github.com/TeamSeri0us/pocs/tree/master/libofx
- https://github.com/libofx/libofx/issues/22
- https://lists.debian.org/debian-lts-announce/2019/11/msg00021.html
- https://usn.ubuntu.com/4523-1/
Products affected by CVE-2019-9656
-
cpe:2.3:a:libofx_project:libofx:0.9.14
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:debian:debian_linux:8.0