CVE-2017-2807

Summary

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
LedgerLedger CLI3.1.1affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References