CVE-2008-0668

Name of the Vulnerable Software and Affected Versions Gnumeric versions prior to 1.8.1 Gnumeric-doc (affected versions not specified) Gnumeric-plugins-extra (affected versions not specified) Gnumeric-common (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the Gnumeric package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the excel read HLINK function in Gnumeric before version 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes.

Recommendations For Gnumeric versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. For Gnumeric-doc, Gnumeric-plugins-extra, and Gnumeric-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.