FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
555cd806-b031-11e7-a369-14dae9d59f67	Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3 Cisco TALOS reports: An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Discovery 2017-09-11 Entry 2017-10-13 freexl < 1.0.4 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 CVE-2017-2923 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431 CVE-2017-2924
a59e263a-45cd-11e5-adde-14dae9d210b8	freexl -- integer overflow Stefan Cornelius reports: There's an integer overflow in the allocate_cells() function when trying to allocate the memory for worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to initialize the cells later in the function. Discovery 2015-07-06 Entry 2015-08-18 freexl < 1.0.2 http://www.openwall.com/lists/oss-security/2015/07/06/7
ac98d090-45cc-11e5-adde-14dae9d210b8	freexl -- multiple vulnerabilities Jodie Cunningham reports: #1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. #2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074 #3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result in stack corruption near freexl.c:1131 #4: FreeXL 1.0.0g did not properly check requests for workbook memory allocation. A specially crafted input file could cause a Denial of Service, or possibly write onto the stack. Discovery 2015-03-24 Entry 2015-08-18 freexl < 1.0.1 http://www.openwall.com/lists/oss-security/2015/03/25/1 CVE-2015-2776

VuXML ID

Description

555cd806-b031-11e7-a369-14dae9d59f67

Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3

Cisco TALOS reports:

An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Discovery 2017-09-11
Entry 2017-10-13
freexl

< 1.0.4

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
CVE-2017-2923
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
CVE-2017-2924

a59e263a-45cd-11e5-adde-14dae9d210b8

freexl -- integer overflow

Stefan Cornelius reports:

There's an integer overflow in the allocate_cells() function when trying to allocate the memory for worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to initialize the cells later in the function.

Discovery 2015-07-06
Entry 2015-08-18
freexl

< 1.0.2

http://www.openwall.com/lists/oss-security/2015/07/06/7

ac98d090-45cc-11e5-adde-14dae9d210b8

freexl -- multiple vulnerabilities

Jodie Cunningham reports:

#1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752.

#2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074

#3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result in stack corruption near freexl.c:1131

#4: FreeXL 1.0.0g did not properly check requests for workbook memory allocation. A specially crafted input file could cause a Denial of Service, or possibly write onto the stack.

Discovery 2015-03-24
Entry 2015-08-18
freexl

< 1.0.1

http://www.openwall.com/lists/oss-security/2015/03/25/1
CVE-2015-2776