Unrated severityNVD Advisory· Published Dec 19, 2013· Updated Jun 17, 2026
CVE-2013-6836
CVE-2013-6836
Description
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:gnome:gnumeric:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:gnome:gnumeric:*:*:*:*:*:*:*:*range: <=1.12.8
- cpe:2.3:a:gnome:gnumeric:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnumeric:1.12.7:*:*:*:*:*:*:*
- (no CPE)range: < 1.12.9
Patches
Vulnerability mechanics
References
6- bugzilla.gnome.org/show_bug.cginvdExploit
- git.gnome.org/browse/gnumeric/commit/nvdExploitPatch
- projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-02/msg00018.htmlnvd
- secunia.com/advisories/56678nvd
- www.securityfocus.com/bid/64459nvd
News mentions
0No linked articles in our index yet.