CVE-2017-2924
Publication date 24 April 2018
Last updated 25 August 2025
Ubuntu priority
Description
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
From the Ubuntu Security Team
It was discovered that FreeXL did not properly handle certain input, resulting in a beap-based buffer overflow. If a user were tricked into opening a malicious Excel spreadsheet, an attacker could execute arbitrary code.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freexl | 18.04 LTS bionic |
Not affected
|
| 16.04 LTS xenial |
Fixed 1.0.2-1ubuntu0.1
|
|
| 14.04 LTS trusty |
Fixed 1.0.0g-1ubuntu0.14.04.3
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |