Debian R-Cran-Readxl vulnerabilities

18 known vulnerabilities affecting debian/r-cran-readxl.

Total CVEs
18
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH9LOW9

Vulnerabilities

Page 1 of 1
CVE-2023-38853LOWCVSS 6.52023
CVE-2023-38853 [MEDIUM] CVE-2023-38853: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2023-38856LOWCVSS 6.52023
CVE-2023-38856 [MEDIUM] CVE-2023-38856: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2023-38851LOWCVSS 6.52023
CVE-2023-38851 [MEDIUM] CVE-2023-38851: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2023-38852LOWCVSS 6.52023
CVE-2023-38852 [MEDIUM] CVE-2023-38852: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2023-38854LOWCVSS 6.52023
CVE-2023-38854 [MEDIUM] CVE-2023-38854: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2023-38855LOWCVSS 6.52023
CVE-2023-38855 [MEDIUM] CVE-2023-38855: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu... Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-27836LOWCVSS 6.52021
CVE-2021-27836 [MEDIUM] CVE-2021-27836: r-cran-readxl - An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6... An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2020-27819LOWCVSS 5.52020
CVE-2020-27819 [MEDIUM] CVE-2020-27819: r-cran-readxl - An issue was discovered in libxls before and including 1.6.1 when reading Micros... An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved tr
debian
CVE-2018-20450HIGHCVSS 7.8fixed in r-cran-readxl 1.2.0.9000-1 (bookworm)2018
CVE-2018-20450 [HIGH] CVE-2018-20450: r-cran-readxl - The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows at... The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897. Scope: local bookworm: resolved (fixed in 1.2.0.9000-1) bullseye: resolved (fixed in 1.2.0.9000-1) forky: resolved (fixed in 1.2.0.9000-1) sid: resolved (fixed
debian
CVE-2018-20452HIGHCVSS 8.8fixed in r-cran-readxl 1.2.0.9000-1 (bookworm)2018
CVE-2018-20452 [HIGH] CVE-2018-20452: r-cran-readxl - The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that al... The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c. Scope: local bookworm: resolved (fixed in 1.2.0.9000-1) bullseye:
debian
CVE-2017-2919HIGHCVSS 7.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-2919 [HIGH] CVE-2017-2919: r-cran-readxl - An exploitable stack based buffer overflow vulnerability exists in the xls_getfc... An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye: resolved (fixed in 1.0.0-2)
debian
CVE-2017-2897HIGHCVSS 7.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-2897 [HIGH] CVE-2017-2897: r-cran-readxl - An exploitable out-of-bounds write vulnerability exists in the read_MSAT functio... An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye: resolved (fixed in 1.0.0-2) forky: resol
debian
CVE-2017-12109HIGHCVSS 8.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-12109 [HIGH] CVE-2017-12109: r-cran-readxl - An exploitable integer overflow vulnerability exists in the xls_preparseWorkShee... An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye:
debian
CVE-2017-2896HIGHCVSS 7.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-2896 [HIGH] CVE-2017-2896: r-cran-readxl - An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells f... An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye: resolved (fixed in 1.0.0-2) fork
debian
CVE-2017-12110HIGHCVSS 8.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-12110 [HIGH] CVE-2017-12110: r-cran-readxl - An exploitable integer overflow vulnerability exists in the xls_appendSST functi... An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye: resolved (fixed in 1.0.0-2) forky: resolved (fixed in 1.0.0-2) sid: resolved (fixed in 1.0.0-2) trixie: resolve
debian
CVE-2017-12108HIGHCVSS 8.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-12108 [HIGH] CVE-2017-12108: r-cran-readxl - An exploitable integer overflow vulnerability exists in the xls_preparseWorkShee... An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullsey
debian
CVE-2017-12111HIGHCVSS 8.8fixed in r-cran-readxl 1.0.0-2 (bookworm)2017
CVE-2017-12111 [HIGH] CVE-2017-12111: r-cran-readxl - An exploitable out-of-bounds vulnerability exists in the xls_addCell function of... An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 1.0.0-2) bullseye: resolved (fixed in 1
debian
CVE-2017-2910LOWCVSS 8.82017
CVE-2017-2910 [HIGH] CVE-2017-2910: r-cran-readxl - An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell funct... An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian