PT-2018-7226 · Freexl · Freexl

Published

2017-09-17

Updated

2024-06-15

CVE-2017-2924

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FreeXL version 1.0.3

Description: A heap-based buffer overflow issue exists in the read legacy biff function, allowing remote code execution through memory corruption. This can be triggered by a specially crafted XLS file sent by an attacker.

Recommendations: For FreeXL version 1.0.3, consider avoiding the use of the read legacy biff function until a patch is available. As a temporary workaround, restrict the handling of XLS files from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2017-2924

DLA-1098-1

DSA-3976-1

OPENSUSE-SU-2017:2537-1

OPENSUSE-SU-2017:2539-1

OPENSUSE-SU-2024:10771-1

Affected Products

Freexl

PT-2018-7226 · Freexl · Freexl

CVE-2017-2924

Weakness Enumeration

Related Identifiers

Affected Products

References · 23