Integer Overflow Vulnerability in Gnumeric Spreadsheet by Gnome
CVE-2008-0668

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnumeric
Vendor: CVE Published:; 11 February 2008

Summary

The Gnumeric spreadsheet application by Gnome contains a vulnerability in the excel_read_HLINK function, allowing remote attackers to exploit crafted XLS files. By exploiting an integer signedness error leading to an integer overflow, attackers can execute arbitrary code when a user opens a malicious XLS file. This flaw highlights the need for vigilance in how documents are handled and the importance of using updated software versions to mitigate such risks.

References

http://www.vupen.com/english/advisories/2008/0462

vdb-entryx_refsource_VUPEN

http://www.gnome.org/projects/gnumeric/announcements/1.8/...

x_refsource_CONFIRM

http://secunia.com/advisories/28948

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 11, 2008
Vulnerability Reserved
Feb 11, 2008