FreeXL Project FreeXL 1.0.3

CPE Details

FreeXL Project FreeXL 1.0.3
freexl_project
freexl
1.0.3
2019-12-02
12h33 +00:00
2019-12-02
12h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:freexl_project:freexl:1.0.3:*:*:*:*:*:*:*

Informations

Vendor

freexl_project

Product

freexl

Version

1.0.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-2923 2018-04-24 19h00 +00:00 An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
8.8
High
CVE-2017-2924 2018-04-24 19h00 +00:00 An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
8.8
High
CVE-2018-7435 2018-02-23 20h00 +00:00 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
8.8
High
CVE-2018-7436 2018-02-23 20h00 +00:00 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
8.8
High
CVE-2018-7437 2018-02-23 20h00 +00:00 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
8.8
High
CVE-2018-7438 2018-02-23 20h00 +00:00 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
8.8
High
CVE-2018-7439 2018-02-23 20h00 +00:00 An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.