FreeXL: Multiple vulnerabilities — GLSA 201606-15

Multiple vulnerabilities have been found in FreeXL, allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected packages

dev-libs/freexl on all architectures
Affected versions < 1.0.1
Unaffected versions >= 1.0.1

Background

FreeXL is an open source library to extract valid data from within an Excel (.xls) spreadsheet.

Description

FreeXL’s shared strings and workbook functions are vulnerable to remote execution of arbitrary code and Denial of Service. An attacker can trigger these issues with a specially crafted workbook.

Impact

Remote attackers could potentially execute arbitrary code or cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All FreeXL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/freexl-1.0.1"
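
To find hosts or offline images that still carry an affected version, the following added shell example (not part of the original advisory or of Gentoo's tooling) scans a Portage installed-package database for dev-libs/freexl entries below 1.0.1. The function names, the use of `sort -V` as an approximation of Portage version ordering, and the sample directory tree are assumptions.

```shell
#!/bin/sh
# Added example: flag dev-libs/freexl installs older than the fixed release.
FIXED="1.0.1"   # from this advisory: unaffected versions >= 1.0.1

# Return 0 when version $1 sorts strictly before $FIXED.
# sort -V approximates Portage ordering; it does not model suffixes such as
# _rc or _pre, so treat results for those as needing manual review.
freexl_version_affected() {
    [ "$1" != "$FIXED" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# Print "<version> affected" or "<version> ok" for each freexl entry found
# under the installed-package database rooted at $1 (default /var/db/pkg).
freexl_scan_vdb() {
    vdb="${1:-/var/db/pkg}"
    for dir in "$vdb"/dev-libs/freexl-[0-9]*; do
        [ -d "$dir" ] || continue        # glob matched nothing
        pv="${dir##*/freexl-}"           # e.g. 1.0.0g-r1
        ver="${pv%-r[0-9]*}"             # drop the Gentoo revision suffix
        if freexl_version_affected "$ver"; then
            echo "$pv affected"
        else
            echo "$pv ok"
        fi
    done
}

# Constructed sample: a throwaway VDB tree with three made-up installs.
demo_scan() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/dev-libs/freexl-1.0.0g-r1" \
             "$tmp/dev-libs/freexl-1.0.1" \
             "$tmp/dev-libs/freexl-1.0.2-r1"
    freexl_scan_vdb "$tmp"
    rm -rf "$tmp"
}

demo_scan
```

On a running Gentoo system, `glsa-check -t 201606-15` tests the host against this advisory directly; the script above is for mounted images or backups where only the package database is available.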
 

References

Release date
June 26, 2016

Latest revision
June 26, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries