ledger -- multiple vulnerabilities

2017-09-05T00:00:00
ID D843A984-7F22-484F-BA81-483DDBE30DC3
Type freebsd
Reporter FreeBSD
Modified 2017-09-05T00:00:00

Description

Talos reports:

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.