Thilo Pfennig

**Name of the Vulnerable Software and Affected Versions** Gnumeric versions prior to 1.8.1 Gnumeric-doc (affected versions not specified) Gnumeric-plugins-extra (affected versions not specified) Gnumeric-common (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the Gnumeric package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the `excel read HLINK` function in Gnumeric before version 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes. **Recommendations** For Gnumeric versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. For Gnumeric-doc, Gnumeric-plugins-extra, and Gnumeric-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.