CVE-2013-6836

Exploit

EPSS 1.16%
Veröffentlicht 19.12.2013 04:24:57
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Gnumeric Version <= 1.12.8

Gnome ≫ Gnumeric Version1.12.0

Gnome ≫ Gnumeric Version1.12.1

Gnome ≫ Gnumeric Version1.12.2

Gnome ≫ Gnumeric Version1.12.3

Gnome ≫ Gnumeric Version1.12.4

Gnome ≫ Gnumeric Version1.12.5

Gnome ≫ Gnumeric Version1.12.6

Gnome ≫ Gnumeric Version1.12.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.16%	0.766

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-updates/2014-02/msg00018.html

http://secunia.com/advisories/56678

http://www.securityfocus.com/bid/64459

https://bugzilla.gnome.org/show_bug.cgi?id=712772

Exploit

https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69345b3c6d56ee0ed9c9e9880bb2a08cdc

Patch

Exploit

https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-6836

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6836

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6836

EUVD