Vulnerability Details : CVE-2015-2776
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-2776
Probability of exploitation activity in the next 30 days: 3.35%
Percentile (the proportion of vulnerabilities scored at or below this one): ~90%
CVSS scores for CVE-2015-2776
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST
CWE ids for CVE-2015-2776
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2776
- http://www.openwall.com/lists/oss-security/2015/03/27/5
  oss-security - Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g
- http://www.debian.org/security/2015/dsa-3208
  Debian -- Security Information -- DSA-3208-1 freexl (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/03/27/13
  oss-security - Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g
- http://www.openwall.com/lists/oss-security/2015/03/25/1
  oss-security - CVE Request: Multiple vulnerabilities in freexl 1.0.0g
- http://www.securityfocus.com/bid/73330
  FreeXL Stack Based Buffer Overflow and Denial of Service Vulnerabilities
- https://security.gentoo.org/glsa/201606-15
  FreeXL: Multiple vulnerabilities (GLSA 201606-15) — Gentoo security (Third Party Advisory)
- https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
  FreeXL: Diff
Products affected by CVE-2015-2776
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gaia-gis:freexl:*:*:*:*:*:*:*:*