FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freexl -- integer overflow

Affected packages
freexl < 1.0.2

Details

VuXML ID a59e263a-45cd-11e5-adde-14dae9d210b8
Discovery 2015-07-06
Entry 2015-08-18

Stefan Cornelius reports:

There's an integer overflow in the allocate_cells() function when trying to allocate the memory for a worksheet with specially crafted row/column dimensions. This can be exploited to cause a heap memory corruption. The most likely outcome of this is a crash when trying to initialize the cells later in the function.
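
The bug class described in the report, as an added example that is not freexl's code and not part of the original report: a size computed from row/column dimensions wraps in 32-bit arithmetic, next to a checked form that rejects such dimensions before allocating. The `cell_t` layout, the `MAX_CELLS` limit and all function names here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cell record; not freexl's actual structure. */
typedef struct { unsigned char type; double value; } cell_t;

/* Constructed policy limit on cells per worksheet (an assumption). */
#define MAX_CELLS (1u << 24)

/* Unchecked pattern: the product is computed in 32 bits and wraps silently,
 * so huge dimensions can yield a small allocation size. */
uint32_t unchecked_cell_bytes(uint32_t rows, uint32_t cols)
{
    return rows * cols * (uint32_t)sizeof(cell_t);
}

/* Checked form: widen before multiplying, then bound the cell count.
 * Returns 0 and stores the byte size on success, -1 on rejection. */
int checked_cell_bytes(uint32_t rows, uint32_t cols, size_t *out)
{
    uint64_t count = (uint64_t)rows * cols; /* cannot wrap: both < 2^32 */
    if (count == 0 || count > MAX_CELLS)
        return -1;
    *out = (size_t)count * sizeof(cell_t);
    return 0;
}

/* Allocate and initialize cells only when the size check passes. */
cell_t *allocate_cells_checked(uint32_t rows, uint32_t cols)
{
    size_t bytes;
    if (checked_cell_bytes(rows, cols, &bytes) != 0)
        return NULL;
    cell_t *cells = malloc(bytes);
    if (cells == NULL)
        return NULL;
    for (size_t i = 0; i < bytes / sizeof(cell_t); i++) {
        cells[i].type = 0;
        cells[i].value = 0.0;
    }
    return cells;
}

int main(void)
{
    /* Constructed dimensions: 0x10001 * 0x10000 cells wraps to 0x10000. */
    printf("unchecked bytes: %u\n", unchecked_cell_bytes(0x10001u, 0x10000u));
    printf("checked alloc: %p\n", (void *)allocate_cells_checked(0x10001u, 0x10000u));
    return 0;
}
```

With the unchecked size, an initialization loop that still iterates over rows × columns writes far past the end of the undersized buffer, which matches the crash during cell initialization that the report describes.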

References

URL http://www.openwall.com/lists/oss-security/2015/07/06/7