PT-2017-12353 · Libxls · Libxls

Marcin Noga

Published

2017-11-20

Updated

2022-04-19

CVE-2017-12110

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libxls version 1.4

Description An integer overflow issue exists in the xls appendSST function, allowing remote code execution through memory corruption caused by a specially crafted XLS file.

Recommendations For libxls version 1.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-12110

DSA-4173-1

Affected Products

Libxls

PT-2017-12353 · Libxls · Libxls

CVE-2017-12110

Weakness Enumeration

Related Identifiers

Affected Products

References · 23