What Are You Looking For?


Package        : freexl
Version        : 1.0.0b-1+deb7u5
CVE ID         : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438
                 CVE-2018-7439


Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.

CVE-2018-7435

    There is a heap-based buffer over-read in the freexl::destroy_cell
    function.

CVE-2018-7436

    There is a heap-based buffer over-read in a pointer dereference of
    the parse_SST function.

CVE-2018-7437

    There is a heap-based buffer over-read in a memcpy call of the
    parse_SST function.

CVE-2018-7438

    There is a heap-based buffer over-read in the parse_unicode_string
    function.

CVE-2018-7439

    There is a heap-based buffer over-read in the function
    read_mini_biff_next_record.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0.0b-1+deb7u5.

We recommend that you upgrade your freexl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-1297-1: freexl security update

March 1, 2018

Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL

Summary

CVE-2018-7435

There is a heap-based buffer over-read in the freexl::destroy_cell
function.

CVE-2018-7436

There is a heap-based buffer over-read in a pointer dereference of
the parse_SST function.

CVE-2018-7437

There is a heap-based buffer over-read in a memcpy call of the
parse_SST function.

CVE-2018-7438

There is a heap-based buffer over-read in the parse_unicode_string
function.

CVE-2018-7439

There is a heap-based buffer over-read in the function
read_mini_biff_next_record.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0.0b-1+deb7u5.

We recommend that you upgrade your freexl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity

Package : freexl

Version : 1.0.0b-1+deb7u5

CVE ID : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438

What Are You Looking For?

Debian LTS: DLA-1297-1: freexl security update

Summary

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Critical Exim RCE, Info Disclosure Bugs Fixed

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

Scanning and Defending Networks with Nmap

CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

What Are You Looking For?

Debian LTS: DLA-1297-1: freexl security update

Summary

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By