freexl is vulnerable to undefined behaviour through heap-based buffer over-read. The vulnerability exists in the `parse_unicode_string` of `freexl.c` where it is possible for a heap-based buffer over-read to occur, causing denial of service (DoS) and possibly other issues.
{"redhatcve": [{"lastseen": "2022-07-07T17:58:52", "description": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-05-14T12:30:17", "type": "redhatcve", "title": "CVE-2018-7438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7438"], "modified": "2022-07-07T11:04:13", "id": "RH:CVE-2018-7438", "href": "https://access.redhat.com/security/cve/cve-2018-7438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:50:00", "description": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based\nbuffer over-read in the parse_unicode_string function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-23T00:00:00", "type": "ubuntucve", "title": "CVE-2018-7438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7438"], "modified": "2018-02-23T00:00:00", "id": "UB:CVE-2018-7438", "href": "https://ubuntu.com/security/CVE-2018-7438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-23T18:11:44", "description": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-23T21:29:00", "type": "debiancve", "title": "CVE-2018-7438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7438"], "modified": "2018-02-23T21:29:00", "id": "DEBIANCVE:CVE-2018-7438", "href": "https://security-tracker.debian.org/tracker/CVE-2018-7438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-23T15:19:44", "description": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-23T21:29:00", "type": "cve", "title": "CVE-2018-7438", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7438"], "modified": "2020-07-27T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2018-7438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-07-04T18:56:27", "description": "Multiple heap buffer over reads were discovered in freexl, a library to\nread Microsoft Excel spreadsheets, which could result in denial of\nservice.", "cvss3": {}, "published": "2018-03-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4129-1 (freexl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4129-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704129\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\", \"CVE-2018-7439\");\n script_name(\"Debian Security Advisory DSA 4129-1 (freexl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-02 00:00:00 +0100 (Fri, 02 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4129.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"freexl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1.0.0g-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-2+deb9u2.\n\nWe recommend that you upgrade your freexl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/freexl\");\n script_tag(name:\"summary\", value:\"Multiple heap buffer over reads were discovered in freexl, a library to\nread Microsoft Excel spreadsheets, which could result in denial of\nservice.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl-dev\", ver:\"1.0.0g-1+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1\", ver:\"1.0.0g-1+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1-dbg\", ver:\"1.0.0g-1+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl-dev\", ver:\"1.0.2-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1\", ver:\"1.0.2-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1-dbg\", ver:\"1.0.2-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for freexl (openSUSE-SU-2018:0570-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851712", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851712\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-02 08:42:04 +0100 (Fri, 02 Mar 2018)\");\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\",\n \"CVE-2018-7439\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for freexl (openSUSE-SU-2018:0570-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freexl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for freexl fixes the following issues:\n\n freexl was updated to version 1.0.5:\n\n * No changelog provided by upstream\n\n * Various heapoverflows in 1.0.4 have been fixed:\n\n * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912\n read_mini_biff_next_record (boo#1082774)\n\n * CVE-2018-7438: heap-buffer-overflow in freexl.c:383\n parse_unicode_string (boo#1082775)\n\n * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866\n parse_SST(boo#1082776)\n\n * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST\n parse_SST (boo#1082777)\n\n * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell\n (boo#1082778)\");\n\n script_tag(name:\"affected\", value:\"freexl on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0570-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"freexl-debugsource\", rpm:\"freexl-debugsource~1.0.5~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freexl-devel\", rpm:\"freexl-devel~1.0.5~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreexl1\", rpm:\"libfreexl1~1.0.5~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreexl1-debuginfo\", rpm:\"libfreexl1-debuginfo~1.0.5~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:23", "description": "Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\nCVE-2018-7435\n\n There is a heap-based buffer over-read in the freexl::destroy_cell\n function.\n\nCVE-2018-7436\n\n There is a heap-based buffer over-read in a pointer dereference of\n the parse_SST function.\n\nCVE-2018-7437\n\n There is a heap-based buffer over-read in a memcpy call of the\n parse_SST function.\n\nCVE-2018-7438\n\n There is a heap-based buffer over-read in the parse_unicode_string\n function.\n\nCVE-2018-7439\n\n There is a heap-based buffer over-read in the function\n read_mini_biff_next_record.", "cvss3": {}, "published": "2018-03-27T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for freexl (DLA-1297-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891297", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891297\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\",\n \"CVE-2018-7438\", \"CVE-2018-7439\");\n script_name(\"Debian LTS: Security Advisory for freexl (DLA-1297-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"freexl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.0.0b-1+deb7u5.\n\nWe recommend that you upgrade your freexl packages.\");\n\n script_tag(name:\"summary\", value:\"Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\nCVE-2018-7435\n\n There is a heap-based buffer over-read in the freexl::destroy_cell\n function.\n\nCVE-2018-7436\n\n There is a heap-based buffer over-read in a pointer dereference of\n the parse_SST function.\n\nCVE-2018-7437\n\n There is a heap-based buffer over-read in a memcpy call of the\n parse_SST function.\n\nCVE-2018-7438\n\n There is a heap-based buffer over-read in the parse_unicode_string\n function.\n\nCVE-2018-7439\n\n There is a heap-based buffer over-read in the function\n read_mini_biff_next_record.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl-dev\", ver:\"1.0.0b-1+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1\", ver:\"1.0.0b-1+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreexl1-dbg\", ver:\"1.0.0b-1+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-06-23T16:30:40", "description": "### Background\n\nFreeXL is an open source library to extract valid data from within an Excel (.xls) spreadsheet. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeXL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeXL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/freexl-1.0.5\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-27T00:00:00", "type": "gentoo", "title": "FreeXL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2020-07-27T00:00:00", "id": "GLSA-202007-44", "href": "https://security.gentoo.org/glsa/202007-44", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T13:01:31", "description": "Package : freexl\nVersion : 1.0.0b-1+deb7u5\nCVE ID : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438\n CVE-2018-7439\n\n\nLeon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\nCVE-2018-7435\n\n There is a heap-based buffer over-read in the freexl::destroy_cell\n function.\n\nCVE-2018-7436\n\n There is a heap-based buffer over-read in a pointer dereference of\n the parse_SST function.\n\nCVE-2018-7437\n\n There is a heap-based buffer over-read in a memcpy call of the\n parse_SST function.\n\nCVE-2018-7438\n\n There is a heap-based buffer over-read in the parse_unicode_string\n function.\n\nCVE-2018-7439\n\n There is a heap-based buffer over-read in the function\n read_mini_biff_next_record.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0.0b-1+deb7u5.\n\nWe recommend that you upgrade your freexl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T17:52:05", "type": "debian", "title": "[SECURITY] [DLA 1297-1] freexl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2018-03-01T17:52:05", "id": "DEBIAN:DLA-1297-1:27DB6", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T15:49:15", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4129-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 02, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freexl\nCVE ID : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438 \n CVE-2018-7439\n\nMultiple heap buffer over reads were discovered in freexl, a library to\nread Microsoft Excel spreadsheets, which could result in denial of\nservice.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.0.0g-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-2+deb9u2.\n\nWe recommend that you upgrade your freexl packages.\n\nFor the detailed security status of freexl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/freexl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-02T20:42:04", "type": "debian", "title": "[SECURITY] [DSA 4129-1] freexl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2018-03-02T20:42:04", "id": "DEBIAN:DSA-4129-1:AC543", "href": "https://lists.debian.org/debian-security-announce/2018/msg00054.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-18T03:55:08", "description": "Package : freexl\nVersion : 1.0.0b-1+deb7u5\nCVE ID : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438\n CVE-2018-7439\n\n\nLeon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\nCVE-2018-7435\n\n There is a heap-based buffer over-read in the freexl::destroy_cell\n function.\n\nCVE-2018-7436\n\n There is a heap-based buffer over-read in a pointer dereference of\n the parse_SST function.\n\nCVE-2018-7437\n\n There is a heap-based buffer over-read in a memcpy call of the\n parse_SST function.\n\nCVE-2018-7438\n\n There is a heap-based buffer over-read in the parse_unicode_string\n function.\n\nCVE-2018-7439\n\n There is a heap-based buffer over-read in the function\n read_mini_biff_next_record.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0.0b-1+deb7u5.\n\nWe recommend that you upgrade your freexl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T17:52:05", "type": "debian", "title": "[SECURITY] [DLA 1297-1] freexl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2018-03-01T17:52:05", "id": "DEBIAN:DLA-1297-1:19AFC", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:26:23", "description": "Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.", "cvss3": {}, "published": "2018-03-05T00:00:00", "type": "nessus", "title": "Debian DSA-4129-1 : freexl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2019-03-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freexl", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4129.NASL", "href": "https://www.tenable.com/plugins/nessus/107121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4129. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107121);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/03/05 11:33:43\");\n\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\", \"CVE-2018-7439\");\n script_xref(name:\"DSA\", value:\"4129\");\n\n script_name(english:\"Debian DSA-4129-1 : freexl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple heap buffer over reads were discovered in freexl, a library\nto read Microsoft Excel spreadsheets, which could result in denial of\nservice.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/freexl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/freexl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/freexl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4129\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the freexl packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 1.0.0g-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.0.2-2+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freexl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libfreexl-dev\", reference:\"1.0.0g-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libfreexl1\", reference:\"1.0.0g-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libfreexl1-dbg\", reference:\"1.0.0g-1+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreexl-dev\", reference:\"1.0.2-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreexl1\", reference:\"1.0.2-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreexl1-dbg\", reference:\"1.0.2-2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:33", "description": "This update for freexl fixes the following issues :\n\nfreexl was updated to version 1.0.5 :\n\n - No changelog provided by upstream\n\n - Various heapoverflows in 1.0.4 have been fixed :\n\n - CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)\n\n - CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)\n\n - CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)\n\n - CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777)\n\n - CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)", "cvss3": {}, "published": "2018-03-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freexl (openSUSE-2018-217)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freexl-debugsource", "p-cpe:/a:novell:opensuse:freexl-devel", "p-cpe:/a:novell:opensuse:libfreexl1", "p-cpe:/a:novell:opensuse:libfreexl1-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-217.NASL", "href": "https://www.tenable.com/plugins/nessus/107113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-217.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107113);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\", \"CVE-2018-7439\");\n\n script_name(english:\"openSUSE Security Update : freexl (openSUSE-2018-217)\");\n script_summary(english:\"Check for the openSUSE-2018-217 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for freexl fixes the following issues :\n\nfreexl was updated to version 1.0.5 :\n\n - No changelog provided by upstream\n\n - Various heapoverflows in 1.0.4 have been fixed :\n\n - CVE-2018-7439: heap-buffer-overflow in freexl.c:3912\n read_mini_biff_next_record (boo#1082774)\n\n - CVE-2018-7438: heap-buffer-overflow in freexl.c:383\n parse_unicode_string (boo#1082775)\n\n - CVE-2018-7437: heap-buffer-overflow in freexl.c:1866\n parse_SST(boo#1082776)\n\n - CVE-2018-7436: heap-buffer-overflow in freexl.c:1805\n parse_SST parse_SST (boo#1082777)\n\n - CVE-2018-7435: heap-buffer-overflow in\n freexl::destroy_cell (boo#1082778)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freexl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freexl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freexl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreexl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreexl1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"freexl-debugsource-1.0.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"freexl-devel-1.0.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libfreexl1-1.0.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libfreexl1-debuginfo-1.0.5-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freexl-debugsource / freexl-devel / libfreexl1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:47", "description": "Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\nCVE-2018-7435\n\nThere is a heap-based buffer over-read in the freexl::destroy_cell function.\n\nCVE-2018-7436\n\nThere is a heap-based buffer over-read in a pointer dereference of the parse_SST function.\n\nCVE-2018-7437\n\nThere is a heap-based buffer over-read in a memcpy call of the parse_SST function.\n\nCVE-2018-7438\n\nThere is a heap-based buffer over-read in the parse_unicode_string function.\n\nCVE-2018-7439\n\nThere is a heap-based buffer over-read in the function read_mini_biff_next_record.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0.0b-1+deb7u5.\n\nWe recommend that you upgrade your freexl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-02T00:00:00", "type": "nessus", "title": "Debian DLA-1297-1 : freexl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libfreexl-dev", "p-cpe:/a:debian:debian_linux:libfreexl1", "p-cpe:/a:debian:debian_linux:libfreexl1-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1297.NASL", "href": "https://www.tenable.com/plugins/nessus/107105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1297-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107105);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\", \"CVE-2018-7439\");\n\n script_name(english:\"Debian DLA-1297-1 : freexl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Leon reported five heap-based buffer-overflow vulnerabilities in\nFreeXL.\n\nCVE-2018-7435\n\nThere is a heap-based buffer over-read in the freexl::destroy_cell\nfunction.\n\nCVE-2018-7436\n\nThere is a heap-based buffer over-read in a pointer dereference of the\nparse_SST function.\n\nCVE-2018-7437\n\nThere is a heap-based buffer over-read in a memcpy call of the\nparse_SST function.\n\nCVE-2018-7438\n\nThere is a heap-based buffer over-read in the parse_unicode_string\nfunction.\n\nCVE-2018-7439\n\nThere is a heap-based buffer over-read in the function\nread_mini_biff_next_record.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0.0b-1+deb7u5.\n\nWe recommend that you upgrade your freexl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/freexl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreexl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreexl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreexl1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libfreexl-dev\", reference:\"1.0.0b-1+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libfreexl1\", reference:\"1.0.0b-1+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libfreexl1-dbg\", reference:\"1.0.0b-1+deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:46", "description": "The remote host is affected by the vulnerability described in GLSA-202007-44 (FreeXL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeXL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "GLSA-202007-44 : FreeXL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freexl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-44.NASL", "href": "https://www.tenable.com/plugins/nessus/138967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-44.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138967);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2018-7435\", \"CVE-2018-7436\", \"CVE-2018-7437\", \"CVE-2018-7438\", \"CVE-2018-7439\");\n script_xref(name:\"GLSA\", value:\"202007-44\");\n\n script_name(english:\"GLSA-202007-44 : FreeXL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-44\n(FreeXL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeXL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-44\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All FreeXL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/freexl-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freexl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/freexl\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeXL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2018-03-01T17:23:43", "description": "This update for freexl fixes the following issues:\n\n freexl was updated to version 1.0.5:\n\n * No changelog provided by upstream\n * Various heapoverflows in 1.0.4 have been fixed:\n\n * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912\n read_mini_biff_next_record (boo#1082774)\n * CVE-2018-7438: heap-buffer-overflow in freexl.c:383\n parse_unicode_string (boo#1082775)\n * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866\n parse_SST(boo#1082776)\n * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST\n parse_SST (boo#1082777)\n * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell\n (boo#1082778)\n\n", "cvss3": {}, "published": "2018-03-01T15:09:07", "type": "suse", "title": "Security update for freexl (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2018-03-01T15:09:07", "id": "OPENSUSE-SU-2018:0570-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00002.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-01T17:23:44", "description": "This update for freexl fixes the following issues:\n\n freexl was updated to version 1.0.5:\n\n * No changelog provided by upstream\n * Various heapoverflows in 1.0.4 have been fixed:\n\n * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912\n read_mini_biff_next_record (boo#1082774)\n * CVE-2018-7438: heap-buffer-overflow in freexl.c:383\n parse_unicode_string (boo#1082775)\n * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866\n parse_SST(boo#1082776)\n * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST\n parse_SST (boo#1082777)\n * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell\n (boo#1082778)\n\n", "cvss3": {}, "published": "2018-03-01T15:08:19", "type": "suse", "title": "Security update for freexl (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2018-03-01T15:08:19", "id": "OPENSUSE-SU-2018:0569-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00001.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:13:07", "description": "\nMultiple heap buffer over reads were discovered in freexl, a library to\nread Microsoft Excel spreadsheets, which could result in denial of\nservice.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.0.0g-1+deb8u5.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-2+deb9u2.\n\n\nWe recommend that you upgrade your freexl packages.\n\n\nFor the detailed security status of freexl please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/freexl](https://security-tracker.debian.org/tracker/freexl)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-02T00:00:00", "type": "osv", "title": "freexl - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2022-08-10T07:12:59", "id": "OSV:DSA-4129-1", "href": "https://osv.dev/vulnerability/DSA-4129-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:10", "description": "\nLeon reported five heap-based buffer-overflow vulnerabilities in FreeXL.\n\n\n* [CVE-2018-7435](https://security-tracker.debian.org/tracker/CVE-2018-7435)\nThere is a heap-based buffer over-read in the freexl::destroy\\_cell\n function.\n* [CVE-2018-7436](https://security-tracker.debian.org/tracker/CVE-2018-7436)\nThere is a heap-based buffer over-read in a pointer dereference of\n the parse\\_SST function.\n* [CVE-2018-7437](https://security-tracker.debian.org/tracker/CVE-2018-7437)\nThere is a heap-based buffer over-read in a memcpy call of the\n parse\\_SST function.\n* [CVE-2018-7438](https://security-tracker.debian.org/tracker/CVE-2018-7438)\nThere is a heap-based buffer over-read in the parse\\_unicode\\_string\n function.\n* [CVE-2018-7439](https://security-tracker.debian.org/tracker/CVE-2018-7439)\nThere is a heap-based buffer over-read in the function\n read\\_mini\\_biff\\_next\\_record.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.0.0b-1+deb7u5.\n\n\nWe recommend that you upgrade your freexl packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T00:00:00", "type": "osv", "title": "freexl - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7439", "CVE-2018-7438", "CVE-2018-7435", "CVE-2018-7437", "CVE-2018-7436"], "modified": "2022-08-05T05:18:07", "id": "OSV:DLA-1297-1", "href": "https://osv.dev/vulnerability/DLA-1297-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
Undefined Behaviour Through Heap Buffer Over-read
