---
gem: ox
cve: 2017-15928
url: https://github.com/ohler55/ox/issues/194
date: 2017-10-27
title: ox ruby gem segmentation fault via parse_obj
description: |
  In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation
  fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated
  "Ox should handle the error more gracefully" but has not confirmed a security implication.

cvss_v3: 7.5
cvss_v2: 5.0

patched_versions:
  - ">= 2.8.1"