oss-sec mailing list archives
CVE Request: Multiple vulnerabilities in freexl 1.0.0g
From: Jodie Cunningham <jodie.cunningham () gmail com>
Date: Tue, 24 Mar 2015 19:27:21 -0500
Hi, I found multiple issues in the library FreeXL 1.0.0g. The vendor has corrected these issues in FreeXL 1.0.1 , and a diff for the four issues is available here: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1 FreeXL 1.0.1 itself has been released here: http://www.gaia-gis.it/gaia-sins/freexl-1.0.1.tar.gz To reproduce: ./test_xl $reproducer #1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0 #2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074 Reproducer: https://www.dropbox.com/s/dcnbbntf7lp03yn/freexl_c9be2aa7?dl=0 #3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result in stack corruption near freexl.c:1131 Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0 #4: FreeXL 1.0.0g did not properly check requests for workbook memory allocation. A specially crafted input file could cause a Denial of Service, or possibly write onto the stack. Reproducer (ulimit -Sv 128000): https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0 Regards, -Jodie Cunningham
Current thread:
- CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 24)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 26)
- Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
- Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 26)