The following flaws have been found in FreeXL, a library that parses Microsoft Excel spreadsheets:

#1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752.

Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0

#2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074.

Reproducer: https://www.dropbox.com/s/dcnbbntf7lp03yn/freexl_c9be2aa7?dl=0

#3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result in stack corruption near freexl.c:1131.

Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0

#4: FreeXL 1.0.0g did not properly check requests for workbook memory allocation. A specially crafted input file could cause a Denial of Service, or possibly write onto the stack.

Reproducer (ulimit -Sv 128000): https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0

CVE assignments and original report at: http://seclists.org/oss-sec/2015/q1/1004

Upstream patch: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1

These flaws are fixed in version 1.0.1 of FreeXL: http://www.gaia-gis.it/gaia-sins/freexl-1.0.1.tar.gz

These flaws have already been fixed in Fedora via:

FEDORA-2015-4444 freexl-1.0.1-1.fc20
FEDORA-2015-4435 freexl-1.0.1-1.fc21
FEDORA-2015-4431 freexl-1.0.1-1.fc22

Created freexl tracking bugs for this issue:

Affects: epel-6 [bug 1207143]
Affects: epel-7 [bug 1207144]