CVE-2017-2816 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-2816 Interim 1 24 2023-12-09T01:09:42Z current 2021-05-30T13:50:25Z 2023-12-09T01:09:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-July/004302.html E-Mail link for SUSE-SU-2018:2045-1 https://lists.suse.com/pipermail/sle-security-updates/2018-July/004310.html E-Mail link for SUSE-SU-2018:2064-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E6H4QYN54L6S34SBJCYAHSNU5XGILQRU/#E6H4QYN54L6S34SBJCYAHSNU5XGILQRU E-Mail link for openSUSE-SU-2018:2229-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 openSUSE Tumbleweed libofx-0.10.1-1.9 libofx-0.9.0-3.7.1 libofx-0.9.9-3.7.1 libofx-devel-0.10.1-1.9 libofx-devel-0.9.0-3.7.1 libofx-devel-0.9.9-3.7.1 libofx4-0.9.0-3.7.1 libofx6-0.9.9-3.7.1 libofx7-0.10.1-1.9 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libofx6-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libofx6-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libofx-0.9.0-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libofx-devel-0.9.0-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libofx4-0.9.0-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libofx-devel-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libofx-devel-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libofx-devel-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 libofx6-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP4 libofx6-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP4 libofx-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libofx6-0.9.9-3.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libofx-0.10.1-1.9 as a component of openSUSE Tumbleweed libofx-devel-0.10.1-1.9 as a component of openSUSE Tumbleweed libofx7-0.10.1-1.9 as a component of openSUSE Tumbleweed An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. CVE-2017-2816 SUSE Linux Enterprise Desktop 12 SP3:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Desktop 12 SP3:libofx6-0.9.9-3.7.1 SUSE Linux Enterprise Desktop 12 SP4:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Desktop 12 SP4:libofx6-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libofx-0.9.0-3.7.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libofx-devel-0.9.0-3.7.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libofx4-0.9.0-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libofx-devel-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libofx-devel-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libofx-devel-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP3:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP3:libofx6-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP4:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP4:libofx6-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libofx-0.9.9-3.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libofx6-0.9.9-3.7.1 openSUSE Tumbleweed:libofx-0.10.1-1.9 openSUSE Tumbleweed:libofx-devel-0.10.1-1.9 openSUSE Tumbleweed:libofx7-0.10.1-1.9 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L