Freexl
CVE-2015-2754
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."
AnalysisAI
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." Affected products include: Gaia-Gis Freexl, Debian Debian Linux. Version information: before 1.0.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in FreeXL before 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab
An issue was discovered in FreeXL before 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab
An issue was discovered in FreeXL before 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab
An issue was discovered in FreeXL before 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab
An issue was discovered in FreeXL before 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitra
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption)
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today