Description
Security update for libofx
This update for libofx fixes the following issues:
Security issues fixed:
- CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673).
- CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964).
- CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437).
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2018:2045-1
- E-Mail link for SUSE-SU-2018:2045-1
- SUSE Security Ratings
- SUSE Bug 1058673
- SUSE Bug 1060437
- SUSE Bug 1061964
- SUSE CVE CVE-2017-14731 page
- SUSE CVE CVE-2017-2816 page
- SUSE CVE CVE-2017-2920 page
Description
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
Affected products
References
- CVE-2017-14731
- SUSE Bug 1060437
Description
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
Affected products
References
- CVE-2017-2816
- SUSE Bug 1058673
Description
A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.
Affected products
References
- CVE-2017-2920
- SUSE Bug 1061964