Branch sisyphus update bulletin.

Package freexl updated to version 1.0.0i-alt1 for branch sisyphus in task 141641.

Published: 2015-03-31
Modified: 2025-04-12

CVE-2015-2753

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-03-31
Modified: 2025-04-12

CVE-2015-2754

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-03-31
Modified: 2025-04-12

CVE-2015-2776

The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Version: 2.1.2

Branch sisyphus update on 2015-03-10

ALT-BU-2015-2346-1

ALT-PU-2015-1268-1

Closed vulnerabilities

CVE-2015-2753

CVE-2015-2754

CVE-2015-2776