First published: Mon Nov 20 2017
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix
---|---|---
Libxls Project Libxls | =1.4.0 | 
debian/r-cran-readxl | 1.3.0-1, 1.3.1-2, 1.4.2-1, 1.4.3-1 | 
CVE-2017-2897 is an exploitable out-of-bounds write vulnerability in the read_MSAT function of libxls 1.4, which can be triggered by a specially crafted XLS file and can result in remote code execution.
The severity of CVE-2017-2897 is high with a CVSS score of 7.8.
CVE-2017-2897 affects libxls 1.4 and r-cran-readxl package versions 1.3.0-1, 1.3.1-2, 1.4.2-1, and 1.4.3-1 on Debian, as well as Libxls Project Libxls version 1.4.0.
To fix CVE-2017-2897, update to a version of the affected software that is not vulnerable, such as r-cran-readxl package versions 1.4.4-1 or higher on Debian.
More information about CVE-2017-2897 can be found at the following references: [link1], [link2], [link3].