openSUSE-SU-2018:2229-1

Published: 07 Aug 2018
Source: suse-cvrf

Description

Security update for libofx

This update for libofx fixes the following issues:

The following security vulnerabilities have been addressed:

  • CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing functionality, which could result in an out of bounds write and could be triggered via a specially crafted OFX file (boo#1061964)

  • CVE-2017-2816: Fixed another buffer overflow in the tag parsing functionality, which could result in a stack overflow and could be triggered via a specially crafted OFX file (boo#1058673)

Package list

openSUSE Leap 42.3
libofx-0.9.10-7.3.1
libofx-devel-0.9.10-7.3.1
libofx6-0.9.10-7.3.1

Description

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.


Affected products
openSUSE Leap 42.3:libofx-0.9.10-7.3.1
openSUSE Leap 42.3:libofx-devel-0.9.10-7.3.1
openSUSE Leap 42.3:libofx6-0.9.10-7.3.1

References

Description

A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.


Affected products
openSUSE Leap 42.3:libofx-0.9.10-7.3.1
openSUSE Leap 42.3:libofx-devel-0.9.10-7.3.1
openSUSE Leap 42.3:libofx6-0.9.10-7.3.1

References