PT-2018-5352 · Libxls · Libxls

Published

2018-04-16

Updated

2022-04-19

CVE-2017-12109

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libxls version 1.4

Description An integer overflow issue exists in the xls preparseWorkSheet function when handling a MULRK record, allowing a specially crafted XLS file to cause memory corruption and potentially result in remote code execution. An attacker can exploit this by sending a malicious XLS file.

Recommendations For libxls version 1.4, consider avoiding the use of the xls preparseWorkSheet function until a patch is available, or refrain from handling untrusted XLS files to minimize the risk of exploitation.

Exploit

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-12109

DSA-4173-1

Affected Products

Libxls

PT-2018-5352 · Libxls · Libxls

CVE-2017-12109

Weakness Enumeration

Related Identifiers

Affected Products

References · 20