
CVE-2017-2896

Published: 20/11/2017 Updated: 03/06/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Vulnerable Product

libxls project libxls 1.4

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #895564: CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12111 CVE-2017-12110. Package: r-cran-readxl; Maintainer for r-cran-readxl is Dirk Eddelbuettel <edd@debian.org>; Source for r-cran-readxl is src:r-cran-readxl (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date ...
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed. For the stable distribution (stretch), these problems have been fixed in version 011-1+deb9u1. We recommend that you upgr ...