CVE-2017-12111

Published: 20/11/2017 Updated: 19/04/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Vulnerable Product

libxls project libxls 1.4

Vendor Advisories

Debian Bug report logs - #895564: CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110. Package: r-cran-readxl; Maintainer for r-cran-readxl is Dirk Eddelbuettel <edd@debian.org>; Source for r-cran-readxl is src:r-cran-readxl (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org> Date ...
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed. For the stable distribution (stretch), these problems have been fixed in version 011-1+deb9u1. We recommend that you upgr ...