CVE-2019-9656

Published: 11 March 2019

An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.

Priority

Negligible

CVSS 3 base score: 8.8

Status

Package Release Status
libofx
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1:0.9.15-2build1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:0.9.15-2build1)
Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:0.9.10-1+deb8u2build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)