Vulnerability Details CVE-2015-2776
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.debian.org/security/2015/dsa-3208
- http://www.openwall.com/lists/oss-security/2015/03/25/1
- http://www.openwall.com/lists/oss-security/2015/03/27/13
- http://www.openwall.com/lists/oss-security/2015/03/27/5
- http://www.securityfocus.com/bid/73330
- https://security.gentoo.org/glsa/201606-15
- https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
- http://www.debian.org/security/2015/dsa-3208
- http://www.openwall.com/lists/oss-security/2015/03/25/1
- http://www.openwall.com/lists/oss-security/2015/03/27/13
- http://www.openwall.com/lists/oss-security/2015/03/27/5
- http://www.securityfocus.com/bid/73330
- https://security.gentoo.org/glsa/201606-15
- https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
Products affected by CVE-2015-2776
-
cpe:2.3:a:gaia-gis:freexl:-
-
cpe:2.3:a:gaia-gis:freexl:0.0.1
-
cpe:2.3:a:gaia-gis:freexl:0.0.2
-
cpe:2.3:a:gaia-gis:freexl:0.0.3
-
cpe:2.3:a:gaia-gis:freexl:1.0.0a
-
cpe:2.3:a:gaia-gis:freexl:1.0.0b
-
cpe:2.3:a:gaia-gis:freexl:1.0.0c
-
cpe:2.3:a:gaia-gis:freexl:1.0.0d
-
cpe:2.3:a:gaia-gis:freexl:1.0.0e
-
cpe:2.3:a:gaia-gis:freexl:1.0.0f
-
cpe:2.3:a:gaia-gis:freexl:1.0.0g
-
cpe:2.3:a:gaia-gis:freexl:1.0.0h
-
cpe:2.3:o:debian:debian_linux:7.0