2 matches found
CVE-2017-2790
When processing a record type of 0x3c from a Workbook stream from an Excel file .xls, JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to...
CVE-2017-2790
CVE-2017-2790 affects JustSystems Ichitaro Office (Excel .xls handling). A heap-based buffer overflow arises when processing a Workbook record type 0x3c: the code reads a size, subtracts one, and uses the result as the memcpy length. An unchecked integer underflow (size becomes 0xffff) can be tri...