SUSE CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

SUSE CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

CVE-2020-8992

ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal size...

Ledger-CLI tag parsing buffer overflow vulnerability

Ledger is an accounting system that supports UNIX commands. A buffer overflow vulnerability in the Ledger-CLI tag parsing feature allows remote attackers to exploit the vulnerability by submitting a journal file and tricking a user into parsing it, which could crash the application or execute...

UBUNTU-CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2016-0038

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory Corruption...

Microsoft Windows Journal File Handling Arbitrary Code Execution Vulnerability (CNVD-2015-03111)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows handling of specially crafted Journal .jnt files allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by a user and can be used in an application context ...

Microsoft Windows Journal File Handling Arbitrary Code Execution Vulnerability (CNVD-2015-03110)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows handling of specially crafted Journal .jnt files allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by a user and can be used in an application context ...

CVE-2015-1696

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution...