Candidate: CVE-2017-12111
PublicDate: 2017-11-20 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
Description:
 An exploitable out-of-bounds vulnerability exists in the xls_addCell
 function of libxls 1.4. A specially crafted XLS file with a formula record
 can cause memory corruption resulting in remote code execution. An attacker
 can send a malicious XLS file to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_r-cran-readxl:
upstream_r-cran-readxl: released (1.0.0-2, 0.1.1-1+deb9u1)
precise/esm_r-cran-readxl: DNE
trusty_r-cran-readxl: DNE
trusty/esm_r-cran-readxl: DNE
xenial_r-cran-readxl: ignored (end of standard support, was needed)
zesty_r-cran-readxl: ignored (reached end-of-life)
artful_r-cran-readxl: ignored (reached end-of-life)
bionic_r-cran-readxl: not-affected (1.0.0-2)
cosmic_r-cran-readxl: not-affected (1.0.0-2)
disco_r-cran-readxl: not-affected (1.0.0-2)
eoan_r-cran-readxl: not-affected (1.0.0-2)
focal_r-cran-readxl: not-affected (1.0.0-2)
groovy_r-cran-readxl: not-affected (1.0.0-2)
hirsute_r-cran-readxl: not-affected (1.0.0-2)
impish_r-cran-readxl: not-affected (1.0.0-2)
jammy_r-cran-readxl: not-affected (1.0.0-2)
devel_r-cran-readxl: not-affected (1.0.0-2)