Libofx Project » Libofx : Security Vulnerabilities, CVEs,
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
Max CVSS
8.8
EPSS Score
0.48%
Published
2019-03-11
Updated
2023-01-20
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
Max CVSS
6.5
EPSS Score
0.41%
Published
2017-09-25
Updated
2019-10-03
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.18%
Published
2017-09-13
Updated
2023-01-28
3 vulnerabilities found