3 matches found
CVE-2019-9656
CVE-2019-9656 affects LibOFX 0.9.14, with a NULL pointer dereference in OFXApplication::startElement in lib/ofx_sgml.cpp (as demonstrated by ofxdump). Connected advisories indicate patches exist for libofx to fix this vulnerability (e.g., SUSE/MGASA-2019-0409 and OSV entries). Impact details in t...
CVE-2017-2816
LibOFX 0.9.11 contains an exploitable buffer overflow in the tag-parsing functionality. A crafted OFX file can cause an out-of-bounds write on the stack, potentially enabling remote code execution or a crash. Public advisories and CVE records consistently describe this vulnerability as CVE-2017-28...
CVE-2017-14731
CVE-2017-14731 affects LibOFX up to 0.9.12, where ofx_proc_file in ofx_preproc.cpp can be exploited by a crafted OFX file to cause a denial of service via a heap-based buffer over-read and application crash. Public advisories (Arch Linux ASA-201805-19, Gentoo GLSA-201908-26, SUSE/Fedora updates) ...