PT-2017-13658 · Libofx+1 · Libofx+1

Henri Salo

·

Publicado

2017-09-25

·

Atualizado

2019-10-03

·

CVE-2017-14731

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions LibOFX version 0.9.12
Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted file. This can be demonstrated by an ofxdump call.
Recommendations For LibOFX version 0.9.12, consider avoiding the use of crafted files with ofxdump until a patch is available. As a temporary workaround, restrict access to the ofx proc file function in ofx preproc.cpp to minimize the risk of exploitation.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2017-14731
DLA-1192-1
MGASA-2018-0214
OPENSUSE-SU-2024:10964-1
SUSE-SU-2018:2045-1
SUSE-SU-2018:2064-1
SUSE-SU-2018_2045-1
SUSE-SU-2018_2064-1

Produtos afetados

Libofx
Suse