CVE-2013-6836

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnumeric
Vendor: CVE Published:; 19 December 2013

Summary

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

References

http://lists.opensuse.org/opensuse-updates/2014-02/msg000...

vendor-advisoryx_refsource_SUSE

https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/64459

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Nov 20, 2013