Libofx Security Update for Debian 7 LTS
Posted on: 11/27/2017 06:14 AM

A libofx update has been released for Debian GNU/Linux 7 LTS.

Package : libofx
Version : 1:0.9.4-2.1+deb7u1
CVE ID : CVE-2017-2816 CVE-2017-14731

An exploitable buffer overflow vulnerability exists in the tag
parsing functionality of LibOFX 0.9.11. A specially crafted OFX
file can cause a write out of bounds resulting in a buffer
overflow on the stack. An attacker can construct a malicious
OFX file to trigger this vulnerability.

ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause
a denial of service (heap-based buffer over-read and application
crash) via a crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your libofx packages.
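
The following is an added example, not part of the advisory: it checks installed package versions against the Version field above using Debian's version ordering, because the fix is a backport to 0.9.4 and comparing upstream numbers such as 0.9.11 would mislead. It assumes input lines in the form produced by dpkg-query -W -f='${source:Package} ${binary:Package} ${Version}\n'; the sample package names and versions are constructed.

```python
import re

FIXED = "1:0.9.4-2.1+deb7u1"  # Version field from the advisory

def order(c):
    """dpkg sort weight: '~' < end of string < letters < other symbols."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def cmp_part(a, b):
    """Compare two upstream-version or revision strings as dpkg does."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for i in range(max(len(na), len(nb))):   # non-digit run, char by char
            wa, wb = order(na[i:i + 1]), order(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):         # digit run, numerically
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision]; a missing epoch counts as 0."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 for a <, ==, > b (epoch, then upstream, then revision)."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return cmp_part(ua, ub) or cmp_part(ra, rb)

def needs_upgrade(lines, fixed=FIXED):
    """List (binary package, version) built from source libofx and older than fixed."""
    rows = (line.split() for line in lines)
    return [(pkg, ver) for src, pkg, ver in rows
            if src == "libofx" and compare(ver, fixed) < 0]

# Constructed sample lines: "<source package> <binary package> <version>"
SAMPLE = ["libofx libofx4 1:0.9.4-2.1", "libofx libofx-dev 1:0.9.4-2.1+deb7u1",
          "libofx ofx 0.9.11-1", "bash bash 4.2+dfsg-0.1+deb7u4"]
```

The constructed 0.9.11-1 entry is reported as older than the fixed version because it has no epoch, and the epoch takes precedence over the upstream number.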

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Printed from Linux Compatible (