Vendor
Libxls
Products
1
CVEs
7
Across products
7
Status
Private
Products
1- 7 CVEs
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12111 | Hig | 0.57 | 8.8 | 0.01 | Nov 20, 2017 | An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | |
| CVE-2017-12110 | Hig | 0.57 | 8.8 | 0.01 | Nov 20, 2017 | An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. | |
| CVE-2017-2919 | Hig | 0.51 | 7.8 | 0.01 | Nov 20, 2017 | An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability | |
| CVE-2017-2897 | Hig | 0.51 | 7.8 | 0.00 | Nov 20, 2017 | An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |
| CVE-2017-2896 | Hig | 0.51 | 7.8 | 0.01 | Nov 20, 2017 | An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |
| CVE-2017-12109 | 0.00 | — | 0.01 | Apr 24, 2018 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | ||
| CVE-2017-12108 | 0.00 | — | 0.01 | Apr 24, 2018 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. |