Lucene search

FreeBSDAC98D090-45CC-11E5-ADDE-14DAE9D210B8

HistoryMar 24, 2015 - 12:00 a.m.

freexl -- multiple vulnerabilities

2015-03-2400:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Jodie Cunningham reports:

#1: A flaw was found in the way FreeXL reads sectors from
the input file. A specially crafted file could possibly
result in stack corruption near freexl.c:3752.
#2: A flaw was found in the function allocate_cells(). A
specially crafted file with invalid workbook dimensions
could possibly result in stack corruption near freexl.c:1074
#3: A flaw was found in the way FreeXL handles a premature EOF. A
specially crafted input file could possibly result in stack corruption
near freexl.c:1131
#4: FreeXL 1.0.0g did not properly check requests for workbook memory
allocation. A specially crafted input file could cause a Denial of
Service, or possibly write onto the stack.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreexl< 1.0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freexl	< 1.0.1	UNKNOWN

References

www.openwall.com/lists/oss-security/2015/03/25/1

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for AC98D090-45CC-11E5-ADDE-14DAE9D210B8