Heap-Based Buffer Overflow in Gnumeric Affects GNOME Office
CVE-2013-6836

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnumeric
Vendor: CVE Published:; 19 December 2013

Summary

A heap-based buffer overflow vulnerability exists in the ms_escher_get_data function within the GNOME Office Gnumeric application prior to version 1.12.9. This vulnerability can be exploited by remote attackers through a specially crafted XLS file that contains an invalid length value, potentially leading to application crashes and denial of service. It is crucial for users to update to the latest version to mitigate this risk.

References

http://lists.opensuse.org/opensuse-updates/2014-02/msg000...

vendor-advisoryx_refsource_SUSE

https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/64459

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Nov 20, 2013