CVE-2009-0318

CVE-2009-0318 is an untrusted search path vulnerability in the Gnumeric GObject Python wrapper that allows local users to execute arbitrary code via a Trojan Python file in the current working directory, related to the PySys_SetArgv issue (CVE-2008-5983). The linked Nessus/OpenVAS entries confirm...

CVE-2013-6836

CVE-2013-6836 affects GNOME Office Gnumeric, with a heap-based buffer overflow in the ms_escher_get_data function when processing crafted xls files. A crafted length value in an xls file can trigger a denial of service (crash) against Gnumeric versions before 1.12.9. Mitigation in the connected d...

CVE-2008-0668

CVE-2008-0668 affects Gnumeric’s Microsoft Excel plugin (excel_read_HLINK) in the gnumeric package prior to version 1.8.1. A crafted XLS file with HLINK opcodes can trigger an integer signedness error that causes an integer overflow, enabling arbitrary code execution by user-assisted remote attac...