An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Cisco TALOS reports :

An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution.
An attacker can send malicious XLS file to trigger this vulnerability.

This update for freexl to version 1.0.4 fixes several issues.

These security issues were fixed :

  - CVE-2017-2924: Prevent heap-based buffer overflow in the     read_legacy_biff function (bsc#1058433).

  - CVE-2017-2923: Prevent heap-based buffer overflow in the     read_biff_next_record function (bsc#1058431).

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

The Cisco Talos team reported two sensitive security issues affecting FreeXL-1.0.3 and any previous version.

CVE-2017-2923

An exploitable heap based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

CVE-2017-2924

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution.
An attacker can send malicious XLS file to trigger this vulnerability.

For Debian 7 'Wheezy', these problems have been fixed in version 1.0.0b-1+deb7u4.

We recommend that you upgrade your freexl packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
103840	FreeBSD : Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3 (555cd806-b031-11e7-a369-14dae9d59f67)	Nessus	FreeBSD Local Security Checks	high
103398	openSUSE Security Update : freexl (openSUSE-2017-1082)	Nessus	SuSE Local Security Checks	high
103261	Debian DSA-3976-1 : freexl - security update	Nessus	Debian Local Security Checks	high
103258	Debian DLA-1098-1 : freexl security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-2924

high

Tenable Plugins

high

high

high

high