CVE-2008-0668 — Integer Overflow or Wraparound in Gnumeric

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

7.5%

top 8.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnumeric Debian Gnumeric

Timeline

PublishedFeb 11

Latest updateMay 1

Description

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶Debiangnome/gnumeric< 1.8.1-1+3

▶NVDgnome/gnumeric1.7.91

▶debiandebian/gnumeric< gnumeric 1.8.1-1 (bookworm)

Patches

Patch: secunia.com ↗Patch: www.gnome.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-ff87-x3fm-p744: The excel_read_HLINK function in plugins/excel/ms-excel-read↗2022-05-01

▶

OSV

CVE-2008-0668: The excel_read_HLINK function in plugins/excel/ms-excel-read↗2008-02-11

▶

📋Vendor Advisories

Ubuntu

Gnumeric vulnerability↗2008-04-22

▶

Debian

CVE-2008-0668: gnumeric - The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office G...↗2008

▶

Red Hat

gnumeric: integer overflow and signedness errors in XLS processing↗2007-12-24

▶

💬Community

Bugzilla

CVE-2008-0668 gnumeric: integer overflow and signedness errors in XLS processing↗2008-02-01

▶