Date: Tue, 24 Mar 2015 19:27:21 -0500
From: Jodie Cunningham <jodie.cunningham@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: Multiple vulnerabilities in freexl 1.0.0g

Hi,

I found multiple issues in the library FreeXL 1.0.0g.
The vendor has corrected these issues in FreeXL 1.0.1, and a diff for
the four issues is available here:
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1

FreeXL 1.0.1 itself has been released here:
http://www.gaia-gis.it/gaia-sins/freexl-1.0.1.tar.gz

To reproduce:
./test_xl $reproducer


#1:  A flaw was found in the way FreeXL reads sectors from the input
file.  A specially crafted file could possibly result in stack
corruption near freexl.c:3752.

Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0

#2: A flaw was found in the function allocate_cells(). A specially
crafted file with invalid workbook dimensions could possibly result in
stack corruption near freexl.c:1074.

Reproducer: https://www.dropbox.com/s/dcnbbntf7lp03yn/freexl_c9be2aa7?dl=0

#3: A flaw was found in the way FreeXL handles a premature EOF. A
specially crafted input file could possibly result in stack corruption
near freexl.c:1131.

Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0

#4: FreeXL 1.0.0g did not properly check requests for workbook memory
allocation. A specially crafted input file could cause a Denial of
Service, or possibly write onto the stack.

Reproducer (ulimit -Sv 128000):
https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0


Regards,
-Jodie Cunningham
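
Issues #2 and #4 in the message above concern workbook dimensions and allocation requests taken from the input file. The following C code is an added example, not FreeXL's code and not the 1.0.1 fix: it validates declared dimensions before allocating a cell grid and bounds-checks every later cell access. The names `sheet_t`, `cell_t`, `grid_alloc`, `grid_cell`, `grid_free` and the `MAX_CELLS` ceiling are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cell and sheet types; these are not FreeXL's structures. */
typedef struct { unsigned char type; double value; } cell_t;
typedef struct { uint32_t rows; uint16_t cols; cell_t *cells; } sheet_t;

/* Assumed policy ceiling, so a small file cannot request gigabytes of cells. */
#define MAX_CELLS (16u * 1024u * 1024u)
enum { GRID_OK = 0, GRID_BAD_DIMS = -1, GRID_TOO_LARGE = -2, GRID_NO_MEM = -3 };

/* Allocate the grid from row/column counts declared by the (untrusted) file. */
int grid_alloc(sheet_t *s, uint32_t rows, uint16_t cols)
{
    s->rows = 0; s->cols = 0; s->cells = NULL;
    if (rows == 0 || cols == 0)
        return GRID_BAD_DIMS;                 /* reject empty dimensions */
    uint64_t count = (uint64_t)rows * cols;   /* 32x16-bit product cannot wrap in 64 bits */
    if (count > MAX_CELLS)
        return GRID_TOO_LARGE;                /* refuse before touching the allocator */
    s->cells = calloc((size_t)count, sizeof(cell_t));
    if (s->cells == NULL)
        return GRID_NO_MEM;                   /* allocation failure is an error, not a crash */
    s->rows = rows; s->cols = cols;           /* publish dimensions only after success */
    return GRID_OK;
}

/* Bounds-checked accessor: parsed records write cells only through this. */
cell_t *grid_cell(sheet_t *s, uint32_t row, uint32_t col)
{
    if (s->cells == NULL || row >= s->rows || col >= s->cols)
        return NULL;
    return &s->cells[(size_t)row * s->cols + col];
}

void grid_free(sheet_t *s) { free(s->cells); s->cells = NULL; s->rows = 0; s->cols = 0; }

int main(void)
{
    sheet_t s;
    /* Constructed hostile header: maximum row and column counts. */
    printf("huge sheet -> %d\n", grid_alloc(&s, 0xFFFFFFFFu, 0xFFFF));
    if (grid_alloc(&s, 4, 3) == GRID_OK) {
        printf("row 4 of a 4-row sheet rejected: %d\n", grid_cell(&s, 4, 0) == NULL);
        grid_free(&s);
    }
    return 0;
}
```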
