CVE-2017-2816: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libofx

Severity: 8.8 HIGH (NVD)
EPSS: 0.7% (top 26.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 13; latest update May 13

Description

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

debian: debian/libofx < libofx 1:0.9.11-4 (bookworm)
Debian: libofx_project/libofx < 1:0.9.11-4+3
CVEListV5: libofx/libofx 0.9.11

Also affects: Debian Linux 7.0

🔴 Vulnerability Details (2)

GHSA: GHSA-3w43-mhj6-r4fj: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0 (2022-05-13)
OSV: CVE-2017-2816: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0 (2017-09-13)

📋 Vendor Advisories (1)

Debian: CVE-2017-2816: libofx - An exploitable buffer overflow vulnerability exists in the tag parsing functiona... (2017)

🕵️ Threat Intelligence (1)

Talos: Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability (2017-09-13)

💬 Community (4)

Bugzilla: CVE-2018-17795 libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf() (2018-10-02)
Bugzilla: CVE-2017-2816 libofx: Stack-based buffer over-write in sanitize_proprietary_tags function in lib/ofx_preproc.cpp (2017-09-15)
Bugzilla: CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 libofx: various flaws [epel-all] (2017-09-15)
Bugzilla: CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 libofx: various flaws [fedora-all] (2017-09-15)