Candidate: CVE-2017-2816
PublicDate: 2017-09-13 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2816
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
Description:
 An exploitable buffer overflow vulnerability exists in the tag parsing
 functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a
 write out of bounds resulting in a buffer overflow on the stack. An
 attacker can construct a malicious OFX file to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Cory Duplantis
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_libofx:
upstream_libofx: released (1:0.9.11-4, 1:0.9.10-1+deb9u1, 1:0.9.4-2.1+deb7u1)
precise/esm_libofx: DNE
trusty_libofx: ignored (reached end-of-life)
trusty/esm_libofx: DNE (trusty was needed)
vivid/ubuntu-core_libofx: DNE
xenial_libofx: released (1:0.9.10-1+deb8u1build0.16.04.1)
zesty_libofx: ignored (reached end-of-life)
artful_libofx: ignored (reached end-of-life)
bionic_libofx: not-affected (1:0.9.12-1)
cosmic_libofx: not-affected (1:0.9.12-1)
disco_libofx: not-affected (1:0.9.12-1)
devel_libofx: not-affected (1:0.9.12-1)