← Back

Ledger

ledger

Vendor: Ledger Cli • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-2808
1Ledger Cli
1Ledger
May 13, 2026
Sep 5, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution....Show more
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.Show less
CVE-2017-2807
1Ledger Cli
1Ledger
May 13, 2026
Sep 5, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can const...Show more
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.Show less
CVE-2017-12482
1Ledger Cli
1Ledger
May 13, 2026
Aug 4, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact...Show more
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-12481
1Ledger Cli
1Ledger
May 13, 2026
Aug 4, 2017
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.