CVE-2017-2923

Priority
Description
An exploitable heap-based buffer overflow vulnerability exists in the
'read_biff_next_record' function of FreeXL 1.0.3. A specially crafted XLS
file can cause a memory corruption resulting in remote code execution. An
attacker can send a malicious XLS file to trigger this vulnerability.
Ubuntu-Description
It was discovered that FreeXL did not properly handle certain input, resulting
in a heap-based buffer overflow. If a user were tricked into opening a malicious
Excel spreadsheet, an attacker could execute arbitrary code.
Assigned-to
mikesalvatore
Notes
Package
Upstream: released (1.0.0g-1+deb8u5, 1.0.2-2+deb9u2)
Ubuntu 18.04 LTS: not-affected (1.0.5-1)
Ubuntu 14.04 ESM: released (1.0.0g-1ubuntu0.14.04.3)
Patches:
More Information

Updated: 2022-04-13 12:58:43 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)