An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://security.gentoo.org/glsa/202003-64 | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4173 | Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403 | Third Party Advisory |
Configurations
History
03 Jun 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202003-64 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2018/dsa-4173 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
Information
Published : 2017-11-20 22:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-2896
Mitre link : CVE-2017-2896
CVE.ORG link : CVE-2017-2896
JSON object : View
Products Affected
debian
- debian_linux
libxls_project
- libxls
CWE
CWE-787
Out-of-bounds Write