An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
{
"unresolved_ranges": [
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
],
"vendor_product": "debian:debian_linux"
}
]
}