CVE-2017-2808

CVE-2017-2808 affects Ledger-CLI 3.1.1, with a use-after-free in the account parsing component triggered by loading a specially crafted journal file, enabling arbitrary code execution. Multiple connected advisories cite this CVE and note remediation by upgrading Ledger to newer releases (e.g., Le...

CVE-2017-12482

CVE-2017-12482 affects Ledger 3.1.1, where ledger::parse_date_mask_routine in times.cc can be triggered by a crafted file to cause a stack-based buffer overflow, leading to denial of service (and potentially other impact). Public advisories (openSUSE/SUSE GLSA, Gentoo GLSA, OSV entries) reference...

CVE-2017-2807

CVE-2017-2807 affects Ledger-CLI 3.1.1, with a buffer overflow in the tag value parsing component caused by an integer underflow when processing a crafted journal file. This can lead to code execution or other impact described in multiple advisories. Public sources in the connected docs confirm r...

CVE-2017-12481

CVE-2017-12481 affects Ledger 3.1.1, where the find_option function in option.cc can be triggered by a crafted file to cause a stack-based buffer overflow, leading to a denial of service (and potentially other impact). Public documents in the connected set confirm this CVE alongside related ones ...