CVE-2017-2897 — Out-of-bounds Write in Project Libxls

CWE-787 — Out-of-bounds Write CWE-415 — Double Free10 documents6 sources

Severity

7.8HIGHNVD

NVD6.5

EPSS

0.3%

top 46.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian R-cran-readxl Libxls Project Libxls

Timeline

PublishedNov 20

Latest updateMay 6

Description

An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibxls_project/libxls1.4.0

▶debiandebian/r-cran-readxl< r-cran-readxl 1.2.0.9000-1 (bookworm)+1

🔴Vulnerability Details

GHSA

GHSA-r369-mhv6-47fj: The read_MSAT function in ole↗2022-05-13

▶

GHSA

GHSA-8p96-2vj8-w389: An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1↗2022-05-13

▶

OSV

CVE-2018-20450: The read_MSAT function in ole↗2018-12-25

▶

OSV

CVE-2017-2897: An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1↗2017-11-20

▶

📋Vendor Advisories

Debian

CVE-2018-20450: r-cran-readxl - The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows at...↗2018

▶

Debian

CVE-2017-2897: r-cran-readxl - An exploitable out-of-bounds write vulnerability exists in the read_MSAT functio...↗2017

▶

📄Research Papers

arXiv

Directed Greybox Fuzzing via Large Language Model↗2025-05-06

▶

💬Community

Bugzilla

CVE-2017-2897 libxls: out-of-bounds vulnerability in the read_MSAT function which could result in remote code execution↗2020-04-29

▶