FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 06:51:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
555cd806-b031-11e7-a369-14dae9d59f67	Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3 Cisco TALOS reports: An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Discovery 2017-09-11 Entry 2017-10-13 freexl < 1.0.4 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 CVE-2017-2923 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431 CVE-2017-2924
a59e263a-45cd-11e5-adde-14dae9d210b8	freexl -- integer overflow Stefan Cornelius reports: There's an integer overflow in the allocate_cells() function when trying to allocate the memory for worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to initialize the cells later in the function. Discovery 2015-07-06 Entry 2015-08-18 freexl < 1.0.2 http://www.openwall.com/lists/oss-security/2015/07/06/7

VuXML ID

Description

555cd806-b031-11e7-a369-14dae9d59f67

Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3

Cisco TALOS reports:

An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Discovery 2017-09-11
Entry 2017-10-13
freexl

< 1.0.4

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
CVE-2017-2923
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
CVE-2017-2924

a59e263a-45cd-11e5-adde-14dae9d210b8

freexl -- integer overflow

Stefan Cornelius reports:

There's an integer overflow in the allocate_cells() function when trying to allocate the memory for worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to initialize the cells later in the function.

Discovery 2015-07-06
Entry 2015-08-18
freexl

< 1.0.2

http://www.openwall.com/lists/oss-security/2015/07/06/7