CVE-2017-2897

Name of the Vulnerable Software and Affected Versions libxls version 1.4

Description An exploitable out-of-bounds write vulnerability exists in the read MSAT function. A specially crafted XLS file can cause memory corruption, resulting in remote code execution. An attacker can send a malicious XLS file to trigger this issue.

Recommendations For libxls version 1.4, consider avoiding the use of the read MSAT function until a patch is available. As a temporary workaround, restrict the handling of XLS files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.