CVE-2017-2896

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:libxls_project:libxls:1.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

03 Jun 2022, 19:51

Type Values Removed Values Added
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (DEBIAN) https://www.debian.org/security/2018/dsa-4173 - (DEBIAN) https://www.debian.org/security/2018/dsa-4173 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202003-64 - (GENTOO) https://security.gentoo.org/glsa/202003-64 - Third Party Advisory

Information

Published : 2017-11-20 22:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-2896

Mitre link : CVE-2017-2896

CVE.ORG link : CVE-2017-2896


JSON object : View

Products Affected

debian

  • debian_linux

libxls_project

  • libxls
CWE
CWE-787

Out-of-bounds Write