Описание
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.0.5-1 |
| devel | not-affected | 1.0.5-3 |
| esm-apps/bionic | not-affected | 1.0.5-1 |
| esm-apps/xenial | released | 1.0.2-1ubuntu0.1 |
| esm-infra-legacy/trusty | released | 1.0.0g-1ubuntu0.14.04.3 |
| precise/esm | DNE | |
| trusty | released | 1.0.0g-1ubuntu0.14.04.3 |
| trusty/esm | released | 1.0.0g-1ubuntu0.14.04.3 |
| upstream | released | 1.0.0g-1+deb8u5, 1.0.2-2+deb9u2 |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
An exploitable heap based buffer overflow vulnerability exists in the ...
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3