CVE-2017-2919

Name of the Vulnerable Software and Affected Versions libxls version 1.3.4

Description A stack-based buffer overflow issue exists in the xls getfcell function, allowing a specially crafted XLS file to cause memory corruption, potentially resulting in remote code execution. An attacker can exploit this by sending a malicious XLS file.

Recommendations For libxls version 1.3.4, as a temporary workaround, consider disabling the use of the xls getfcell function until a patch is available. Restrict access to handling XLS files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.