Unrated severity · NVD Advisory · Published Dec 19, 2013 · Updated Apr 29, 2026
CVE-2013-6836
Description
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
Affected products
- cpe:2.3:a:gnome:gnumeric:*:*:*:*:*:*:*:* range: <=1.12.8
- cpe:2.3:a:gnome:gnumeric:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.7:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- bugzilla.gnome.org/show_bug.cgi (nvd, Exploit)
- git.gnome.org/browse/gnumeric/commit/ (nvd, Exploit, Patch)
- projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2014-02/msg00018.html (nvd)
- secunia.com/advisories/56678 (nvd)
- www.securityfocus.com/bid/64459 (nvd)