CVE-2017-2923
Publication date 24 April 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
An exploitable heap based buffer overflow vulnerability exists in the ‘read_biff_next_record function’ of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
From the Ubuntu Security Team
It was discovered that FreeXL did not properly handle certain input, resulting in a beap-based buffer overflow. If a user were tricked into opening a malicious Excel spreadsheet, an attacker could execute arbitrary code.
Status
Package | Ubuntu Release | Status |
---|---|---|
freexl | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 1.0.2-1ubuntu0.1
|
|
14.04 LTS trusty |
Fixed 1.0.0g-1ubuntu0.14.04.3
|
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |