Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
Max CVSS
4.3
EPSS Score
1.62%
Published
2013-12-19
Updated
2016-12-31
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-01-28
Updated
2009-04-16
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
13.03%
Published
2008-02-11
Updated
2011-03-08
3 vulnerabilities found