Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201805-19 ========================================= Severity: Medium Date : 2018-05-20 CVE-ID : CVE-2017-14731 Package : libofx Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-536 Summary ====== The package libofx before version 0.9.13-1 is vulnerable to denial of service. Resolution ========= Upgrade to 0.9.13-1. # pacman -Syu "libofx>=0.9.13-1" The problem has been fixed upstream in version 0.9.13. Workaround ========= None. Description ========== ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. Impact ===== A remote attacker is able to cause a denial of service via a specially crafted file. References ========= https://bugs.archlinux.org/task/56544 https://github.com/libofx/libofx/issues/10 https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd https://security.archlinux.org/CVE-2017-14731