Candidate: CVE-2018-7436
PublicDate: 2018-02-23 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7436
 https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE
Description:
 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
Ubuntu-Description:
 It was discovered that FreeXL did not properly handle certain input, resulting in a heap-based buffer over-read. If a user were tricked into opening a malicious Excel spreadsheet, FreeXL could potentially leak sensitive information.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_freexl:
upstream_freexl: released (1.0.5-1)
precise/esm_freexl: DNE
trusty_freexl: released (1.0.0g-1ubuntu0.14.04.3)
trusty/esm_freexl: released (1.0.0g-1ubuntu0.14.04.3)
xenial_freexl: released (1.0.2-1ubuntu0.1)
artful_freexl: ignored (reached end-of-life)
bionic_freexl: not-affected (1.0.5-1)
devel_freexl: not-affected (1.0.5-3)