Date: Tue, 24 Mar 2015 19:27:21 -0500 From: Jodie Cunningham <jodie.cunningham@...il.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Hi, I found multiple issues in the library FreeXL 1.0.0g. The vendor has corrected these issues in FreeXL 1.0.1 , and a diff for the four issues is available here: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1 FreeXL 1.0.1 itself has been released here: http://www.gaia-gis.it/gaia-sins/freexl-1.0.1.tar.gz To reproduce: ./test_xl $reproducer #1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0 #2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074 Reproducer: https://www.dropbox.com/s/dcnbbntf7lp03yn/freexl_c9be2aa7?dl=0 #3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result in stack corruption near freexl.c:1131 Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0 #4: FreeXL 1.0.0g did not properly check requests for workbook memory allocation. A specially crafted input file could cause a Denial of Service, or possibly write onto the stack. Reproducer (ulimit -Sv 128000): https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0 Regards, -Jodie Cunningham
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.